Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA - Knowledgebase Articles > Layer 2 NetFlow

Layer 2 NetFlow

Updated October 6th, 2016


Netflow will only summarize Layer 3 traffic. This means you will only see traffic that passes from one VLAN to another (interVLAN) or routed traffic. You will see Thwack posts and blog posts on occasion referencing “layer 2” Netflow, however, the main point to note is:

“Netflow Layer 2” is not correctly named. We do have Thwack links and blog posts that reference this, however, what this does is set the device up to capture Layer 3 traffic that is being switched instead of routed.




You won’t see your layer 2 traffic showing which switchport it arrived and left on. These are layer 2 ports, and its not possible to configure Netflow on them. To see the layer 3 switched traffic, you need to enable Netflow on the VLAN interface. Traffic arriving to the switchports belonging to that VLAN will be seen on that VLAN interface once Layer 3 Netflow has been enabled. Sometimes you might see the management interface on the switch show up as well.

Layer 3 Switched Netflow commands:
(Note, this will depend on the device itself and may differ – also, many device will support netflow layer 3 but not layer 2)
ip flow ingress (enable Netflow on the layer 3 interface – the VLAN interface for example)
ip flow ingresslayer2-switched (Enable layer 3 switched netflow)
ip flow ingress infer-fields (Capture the input and output interfaces for logical interfaces)

A reference guide for Netflow Layer 3 switched:

Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, Chapter: Configuring NetFlow Statistics Collection (© 2017 Cisco, available at, obtained on January 11th, 2017.)


Here is a link to a Cisco document that goes through the steps for configuring Netflow on 6500 series swtches, both hybrid and native IOS. 
They key command to monitor layer 2 is "ip flow ingress layer2-switched vlan xxxx".

Also verify the NDE version is version 5, by default version 7 is configured.

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting (© 2017 Cisco, available at, obtained on January 11th, 2017.)

The commands you need for layer2-switched traffic:
ip flow ingress layer2-switched vlan <vlanlist> 
ip flow export layer2-switched vlan <vlanlist>

However, from the IOS guide: A PFC3B or PFC3BXL running 12.2(18)SXE or higher is required for this command, which enables NDE for all traffic within the specified VLANs rather than just inter-VLAN traffic.

If you are using a CatOS you may use the following command: 
set mls bridged-flow-statistics enable <vlanlist>

Last modified