NetFlow setup for 3750x with C3KX-SM-10G

by | Aug 18, 2015 | Cisco, Networking | 2 comments

The Cisco 3750x switch does not support NetFlow natively, but the C3KX-SM-10G module has ASICs that support NetFlow.  With the C3KX-SM-10G module, NetFlow can only be run on the 4 interfaces in the module — this does not add NetFlow on the entire switch.

It is however possible to capture the switch’s traffic and port mirror (SPAN) it over to one of the C3KX-SM-10G interfaces so that it can be exported for NetFlow.  The problem is that in order to mirror traffic to a port and export NetFlow, the port must be in an UP state.  In order to force the port up we took an LC fiber patch cable and split apart the plastic end and pulled the cable apart so that we had 2 single fiber strands.  Then we plugged in an SFP and connected the port into itself by looping the single fiber back to the same SFP.  Use caution with this as it will create a loop — it might be better to setup the mirror first as it will put the port in an UP/DOWN state that I’ll mention later.

LC Patch Cable Loop

First setup the port mirroring selecting the source VLANs or interfaces.  Also point the SPAN at the interface where the fiber loop is on the C3KX-SM-10G.

monitor session 5 source vlan 1 – 5 , 7 , 100
monitor session 5 destination interface Gi4/1/2

Then setup the NetFlow export.  Start by defining the flow monitoring records.

flow record NETFLOW
 match datalink source-vlan-id
 match datalink dot1q priority
 match datalink mac source-address
 match datalink mac destination-address
 match ipv4 version
 match ipv4 tos
 match ipv4 ttl
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input physical snmp
 collect interface output snmp
 collect counter flows
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last

Then setup the NetFlow export parameters and bind the records to the export

flow exporter EXPORT
 destination 10.100.1.5
 source Vlan7
 transport udp 2055
 option interface-table timeout 60
!
!
flow monitor NETFLOW
 record NETFLOW
 exporter EXPORT
 cache timeout active 60

Lastly configure the port on the C3KX-SM-10G to export the flow.  We had to disable UDLD in order to allow the fiber loop.

interface GigabitEthernet4/1/2
 ip flow monitor netflow layer2-switched input
 udld port disable

Please note that if you show the interface (i.e. “show interface gig 4/1/2”) the port will show UP/DOWN because the port is monitoring:

GigabitEthernet4/1/2 is up, line protocol is down (monitoring)

Good luck!

Read More Related Posts:

  1. Barracuda ADC Load Balancer – How to show client IPs and not the proxy IP address – Part 1 In order to see the client origination IP address on...
  2. ERSPAN to Wireshark — and How to Fix if Not Working Packet Capture on a Remote Cisco Device Typically when I...
  3. Music On Hold Streaming from an FXO port on CME 8.8 Here’s another CME feature that did not work quite as...
  4. Barracuda ADC Load Balancer – How to show client IPs and not the proxy IP address – Part 2 In my first post on showing the client IP addresses...

2 Comments

  1. Robin
    Robin on October 13, 2015 at 7:04 am

    Brian,

    Any advice about verification commands we can try to confirm that the interfaces are actually sending out Netflow info? Having an issue where our NMS is failing to see data from 2 out of 4 identically configured interfaces. The usual show ip flow commands seem to be available on the 3750x but come back with either no data or to inform me that Netflow is disabled.

    Good clear doc btw.

  2. Luke
    Luke on December 5, 2015 at 1:08 pm

    Robin, the command you want for that on this platform is

    show flow exporter statistics