Layer 2 NetFlow

Updated October 6th, 2016

Overview:

NetFlow only summarizes Layer 3 traffic. This means you will only see traffic that passes from one VLAN to another (inter-VLAN) or routed traffic. Thwack posts and blog posts occasionally reference “layer 2” NetFlow; however, the main point to note is:

“NetFlow Layer 2” is a misnomer. Thwack links and blog posts do reference it, but what the feature actually does is set the device up to capture Layer 3 traffic that is being switched instead of routed.

Environment:

NTA

Details:

You won’t see your layer 2 traffic showing which switchport it arrived and left on. These are layer 2 ports, and it is not possible to configure NetFlow on them. To see the layer 3 switched traffic, you need to enable NetFlow on the VLAN interface. Traffic arriving on the switchports belonging to that VLAN will be seen on that VLAN interface once Layer 3 NetFlow has been enabled. Sometimes you might see the management interface on the switch show up as well.


Layer 3 Switched NetFlow commands:
(Note: this will depend on the device itself and may differ. Also, many devices support Layer 3 NetFlow but not Layer 2.)
ip flow ingress (enable NetFlow on the layer 3 interface, for example the VLAN interface)
ip flow ingress layer2-switched (enable layer 3 switched NetFlow)
ip flow ingress infer-fields (capture the input and output interfaces for logical interfaces)

A reference guide for Layer 3 switched NetFlow:

Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, Chapter: Configuring NetFlow Statistics Collection (© 2017 Cisco, available at http://www.cisco.com, obtained on January 11th, 2017.)

 

Here is a link to a Cisco document that goes through the steps for configuring NetFlow on 6500 series switches, both hybrid and native IOS.
The key command to monitor layer 2 is "ip flow ingress layer2-switched vlan xxxx".

Also verify that the NDE version is version 5; by default, version 7 is configured.

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting (© 2017 Cisco, available at http://www.cisco.com, obtained on January 11th, 2017.)

The commands you need for layer2-switched traffic:
ip flow ingress layer2-switched vlan <vlanlist> 
ip flow export layer2-switched vlan <vlanlist>


However, from the IOS guide: A PFC3B or PFC3BXL running 12.2(18)SXE or higher is required for this command, which enables NDE for all traffic within the specified VLANs rather than just inter-VLAN traffic.

If you are running CatOS, you can use the following command:
set mls bridged-flow-statistics enable <vlanlist>
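
To check which VLANs a switch configuration actually covers with the commands above, the following added example (not SolarWinds or Cisco code) audits a saved running-config for VLAN interfaces that lack "ip flow ingress" or are absent from the layer2-switched VLAN lists. The sample config is constructed, and the comma/hyphen VLAN list syntax and the way the commands appear in the saved config are assumptions.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
ip flow ingress layer2-switched vlan 10,20-21
ip flow export layer2-switched vlan 10
!
interface Vlan10
 ip flow ingress
!
interface Vlan20
 description no NetFlow on this VLAN interface
!
interface Vlan30
 ip flow ingress
!
"""

def expand_vlans(spec):
    """Expand '10,20-21' to {10, 20, 21} (comma/hyphen list syntax is assumed)."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return {vlan: [missing settings]} for every VLAN interface in the config."""
    l2 = {"ingress": set(), "export": set()}  # VLANs named in the global commands
    svi_ingress = {}  # VLAN id -> True if 'ip flow ingress' is on the VLAN interface
    current = None
    for line in config.splitlines():
        m = re.match(r"ip flow (ingress|export) layer2-switched vlan (\S+)", line)
        if m:
            l2[m.group(1)] |= expand_vlans(m.group(2))
        elif (m := re.match(r"interface Vlan(\d+)\s*$", line)):
            current = int(m.group(1))
            svi_ingress[current] = False
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current is not None and line.strip() == "ip flow ingress":
            svi_ingress[current] = True
    report = {}
    for vlan, has_ingress in sorted(svi_ingress.items()):
        missing = [] if has_ingress else ["ip flow ingress"]
        missing += [f"ip flow {k} layer2-switched" for k in ("ingress", "export") if vlan not in l2[k]]
        report[vlan] = missing
    return report

if __name__ == "__main__":
    for vlan, missing in audit(SAMPLE_CONFIG).items():
        print(f"Vlan{vlan}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

A VLAN reported with missing items is one where intra-VLAN flows will not reach the collector, so NTA will show no data for that traffic.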
