Netflow on L2 switch

Is it possible to collect traffic statistics from catalyst 2970?
When I enter interface config mode and type:
ip route-cache flow
the switch does not accept this command.
Is there a way to configure 2970 switch for exporting traffic statistics?

hi
You can make use of SPAN to achieve this ,for more info do refer this link..
http://www.cisco.com/en/US/products/hw/switches/ps5206/products_configuration_guide_chapter09186a00805a8a71.html
regds

Similar Messages

Netflow configuration on 4510 switch

Hi everyone,
I have a 4510 with sup7e and I would like to deploy netflow on this switch. The network will contain the 4510 switch where there will be 4 blades installed, each blade contains a separate Zone (vlan) . These 4 zones will then trunk upto a firewall via ten gig link over sub-interfaces. There will be an ip address assigned to each vlan on the 4500 switch but there can not be routing enabled between the vlans on the switch. If anyone could describe or show if it is possible to configure netflow with this scenario, it would be very much appreciated.

You will need the IP services (or above) image with the Sup 7E on a Catalyst 4k. Assuming you have that, I believe you can use flexible Netflow and set up a separate flow exporter with each of your zones' SVI as the source.
See this guide: link.

Netflow 3750x config

Hello Dears
Your assistance so appreciated !
I have configured Netflow on my switch c3750x ios (15.0(2)) , as the following configuration :
flow record Netflow
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input snmp
collect interface output snmp
collect counter bytes
collect counter packets
flow exporter Netflow-to-Solar
destination 192.168.1.1
source tengigethernet 1/1/1
transport udp 2055
flow monitor Netflow-Capture
record Netflow
exporter Netflow-to-Solar
cache timeout inactive 10
cache timeout active 5
interface TenGigabitEthernet1/1/1
ip flow monitor Netflow-Capture input
ip flow monitor Netflow-Capture output
but from my solarwind netflow analyzer , said that ( Data is not available ) . just please help to solve what the issue ?

Can you do the following command and provide the output please:
show flow exporter Netflow-to-Solar
Thanks,
Manny

How can I track a days worth of total bandwidth usage?

I've been trying to figure this out for a while now... I have setup SNMP with Solarwinds NPM to gauge the bandwidth over a link using the OID,
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets &
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets but these seem to only show the current bandwidth utilization at the time of polling the device. I want this information but I also need to know the total amount of bandwidth traversing over a link for an entire day.
I'm trying to gauge the amount of bandwidth used for a server that's continually replicating to a backup server. So I would like to know the amount of data that was transferred for the entire day and also the maximum load amount during that time. Can I setup something like this on a 2960 switch or perhaps create a SPAN port that is linked to a system with bandwidth monitor software?
Thanks for any advice! -Mark

Netflow is the best tool for this, assuming you have a router in the path that supports Netflow. (L2 switches and most L3 switches do not but most routers do.)
Given a Netflow-capable device, export the flows to a Netflow server (Solarwinds and Manageengines make licensed ones and one can also use an open source one like ntop). There you can look at total volume of traffic generated from a given source-destination address pair.

Nexus 7010 mgmt0 useage opinion

As a Senior Network Engineer I have entered into a bit of a debate with our Architect about the use of the mgmt0 interfaces on the nexus 7010 switch (dual-sups, M2 and F2 linecards).
I would like to know opinion of the Cisco support network.
I believe the mgmt0 interface should left alone for control plane traffic only and Out Of Band management access (ie ssh). At the moment I have made a subnet for all VDCs with the mgmt0 (vrf management) sitting in a common subnet. The physical mgmt0 interfaces from both SUPs are connected a management hand off switch. The mgmt0s also serves as our control plane for VPCs. The VPC peer-link however is using main interfaces of the line-cards.
The opinions;
- The Architect thinks we should use all the mgmt0 interfaces for snmp, ntp, tacacs netflow-analysis and switch management.
- However, I think I should use a traditional Loopback to perform these functions within the linecards. The mgmt0 should only be used if traditional restricted switch access has failed.
My Basis;
the Loopback never goes down, uses multiple paths (the OOB hand off switch could fail closing switch management access completely). The mgmt0 should be used as a last resort of management access to CMP.
Thoughts please - Cheers

I see your point about wanting to mitigate the impact of losing the OOB switch. I don't think the mgmt0 interface going down is considered the level of failure that will trigger a Supervisor switchover though. That's the way I read the Nexus 7000 HA whitepaper (and what I've seen based on some limited experience with taking apart a 7k pair).
So, no the 7k can't send you an SNMP trap or syslog message if it's configured management path is offline. Mitigation of that could be via your NMS polling the devices's mgmt0 addresses. No response = trouble in paradise. Investigation step would be to log into the 7ks using the loopback IP and local authentication since your TACACS source-interface (mgmt0) is offline and going from there.
The handful I've built (mostly 5k setups) I go for a Cat 3k switch with dual power supplies as the OOB switch. Once one of those is setup and seen not to be DOA, it's generally going to stay up until someone goes in and uplugs it or initiates a system reload.

How to: Netflow on a L3 Switch WS-C3560X-48P

Hello Community,
I want to use netflow on our l3 switches. But my configurations dont work.
What is my mistake?
Modell: WS-C3560X-48P
Software Version: 15.0(1)SE3
My Config:
interface vlan 250
ip flow monitor Monitor-FNF input
ip flow monitor Monitor-FNF output
flow record Record-FNF
description Flexible NetFlow with NBAR Flow Record
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect routing next-hop address ipv4
collect transport tcp flags
collect interface output
collect counter bytes
collect counter packets
flow exporter Export-FNF
description DescriptionTEXT
destination [NetFlow collector IP address]
source vlan50
transport udp 9001
export-protocol netflow-v9
flow monitor Monitor-FNF
description FNF/NBAR Application Traffic Analysis
record Record-FNF
exporter Export-FNF
cache timeout active 60
cache timeout inactive 10

Silly question but do you have a network services module installed?
From the documentation: "Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image."
It actually also mentions: "NetFlow analysis is performed on traffic crossing the physical interfaces on the network services module."
Sourced from here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmnetflow.html

Couldnot Export Netflow entries in the PFC (hardware switched)

Hi,
On the Netflow Collector we are not able to see hardware switched flow entries in PFC, but software switched flow entries in MSFC can be seen. One thing which I have observed in the "show ip cache flow" output I see PFC as standby although the flow entries are there. We did the packet capture on the netflow collector but could not find hardware switched flow entries, so it seems that 6506 is not sending PFC entries.
Following is the configuration.
mls aging long 64
mls aging normal 32
mls netflow interface
mls flow ip interface-full
no mls flow ipv6
mls nde sender version 5
mls cef error action reset
ip flow-cache entries 128000
ip flow-cache timeout active 1
ip flow ingress layer2-switched vlan 10,20
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 10.19.20.31 9996
show ip cache flow
Displaying software-switched flow entries on the MSFC in Module 5:
IP packet size distribution (8679322 total packets):
   1-32   64   96 128 160 192 224 256 288 320 352 384 416 448 480
   .132 .142 .325 .166 .082 .046 .019 .015 .006 .000 .001 .000 .001 .000 .013
    512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
   .001 .001 .001 .005 .035 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 8454644 bytes
30 active, 127970 inactive, 1523126 added
438002488 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 1040712 bytes
30 active, 31970 inactive, 1522942 added, 1522942 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics 2w1d
Protocol         Total    Flows   Packets Bytes Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow /Pkt     /Sec     /Flow     /Flow
TCP-FTP          40819      0.0        10    73      0.3       0.5       3.1
TCP-FTPD         40607      0.0         3    42      0.1       0.0       1.5
TCP-WWW           2071      0.0        10   918      0.0       5.1     164.8
TCP-other        39829      0.0        25   245      0.7       6.6     188.0
UDP-DNS           1579      0.0         3    92      0.0       6.7     293.7
UDP-NTP           3309      0.0         2    94      0.0     105.4     195.0
UDP-TFTP             2      0.0        10    52      0.0     169.3     131.2
UDP-Frag             5      0.0         1    57      0.0       1.0     299.5
UDP-other       576228      0.4         2   197      1.1      13.8     285.8
ICMP             55727      0.0         4   591      0.1     161.5     137.9
GRE              28899      0.0        45    28      0.9     285.4       1.0
IP-other        111838      0.0        34   129      2.9     292.4       8.0
Total:          900913      0.6         9   150      6.5      65.0     202.5
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP Pkts
Gi5/2         172.16.148.254 Tu2           10.191.32.12    2F 0000 0000     2
Gi5/2         172.16.195.254 Tu4           10.191.32.14    2F 0000 0000     2
Gi5/2         10.191.32.62    Vl10          10.191.32.12    2F 0000 0000     4
Displaying hardware-switched flow entries in the PFC (Standby) Module 5:
SrcIf            SrcIPaddress     DstIf            DstIPaddress    Pr SrcP DstP Pkts
Tu5              10.191.8.89      Vl10             10.190.102.240 2F 0000 0000 4780
Tu5              10.191.8.89      Vl10             10.190.103.89   2F 0000 0000 6218
Gi5/2            10.122.3.35      Tu4              172.16.33.97    06 008B 105F     1
Tu5              10.191.8.89      Vl10             10.190.102.123 2F 0000 0000    73
Tu5              10.124.24.45     Tu2              172.16.148.17   06 0E9F 008B     2
Tu5              10.124.114.221   Gi5/2            10.129.1.89     06 4E21 04D8   450
Gi5/2            10.70.72.8       Tu6              172.16.105.242 06 0050 0B3E     5
show module
Mod Ports Card Type                              Model
5    9 Supervisor Engine 32 8GE (Active)      WS-SUP32-GE-3B
6    9 Supervisor Engine 32 8GE (Hot)         WS-SUP32-GE-3B
Mod MAC addresses                       Hw    Fw           Sw           Status
5 001f.6cfe.aba2 to 001f.6cfe.abad   4.6   12.2(18r)SX2 12.2(33)SXH3 Ok
6 001f.9e9a.ae4c to 001f.9e9a.ae57   4.6   12.2(18r)SX2 12.2(33)SXH3 Ok
Mod Sub-Module                  Model              Serial       Hw     Status
5 Policy Feature Card 3       WS-F6K-PFC3B               2.4    Ok
5 Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A    4.0    Ok
6 Policy Feature Card 3       WS-F6K-PFC3B               2.4    Ok
6 Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A     4.0    Ok
I have gone through following documents but could not find any clue on why PFC entries are not exported.
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/netflow.html#wp1080827
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml
Regards,
Akhtar

Hi,
Just to further update this case with troubleshooting results.
1. I am able to recieve all flows sent from NDE 6506 Switch on NF Collector-A.
2. Only few flow are being received on NF CollectorB.
3. When comparing packet captured on NF Collector-A and B, I see only small size UDP packets(~350bytes) on NF Collector B, whereas on NF A I see packets more than 800 bytes...
This issue is surely pertaining to GRE+IPSEC. I have checked the forums and found issue of ""Self Generated Netflow packets not encrypted"" but my issue not seems to relevant b/c NDE 6506 which is exporting Netflow is not encrypting.......
Any thoughts !!
NDE 6506 Switch)----(CORE-6509)----(DC-WAN-1-6506)-----GRE+IPSEC------(DC-WAN-2-6506)------(CORE-6509)-----(DC-AGG)----(DC-ACC)---NF CollectorB
                                      |
                                      |
                                NF Collector-A

Can MPLS aware Netflow ver. 9 be enabled on the catalyst switches 6500

HI, I'm working for KOREA TELECOM, and currently providing MPLS VPN.
We're planning to provide our customer with traffic report using NetFlow..
I read some documents which reads Netflow ver.9 can be enabled on Cisco GSR 12000 Series, but no mention about catalyst switches. So, I ' m curious about that Netflow ver 9 can be activated on catalyst 6500 series.. because the point where switch is located already have mpls encapsulated packet ( mpls vpn packet).
Thank you , in advance.

NetFlow is now integral to Cisco 6500. A configuration we recommend is as below:
mls netflow // This enables NetFlow on the Supervisor.
mls nde sender version 7
mls aging long 64 // This breaks up long-lived flows into (roughly) one-minute segments.
mls aging normal 32 // This ensures that flows that have finished are exported in a timely manner.
mls flow ip interface-full
mls nde interface
The next two commands will help to enable NetFlow data export for bridged traffic which is optional. You can specify the list of VLANs here to enable bridged traffic.
ip flow ingress layer2-switched vlan
ip flow export layer2-switched vlan
Apart from this, NetFlow has to be enabled on the MSFC using the below commands.
ip flow egress // This command has to be executed on all the L3/VLAN interfaces.
ip flow-export destination {hostname|ip_address} 9996 // The hostname or IP address of the flow server
ip flow-export source {interface} // The interface through which NetFlow packets are exported. eg: Loopback0
ip flow-export version 9
ip flow-cache timeout active 1
snmp-server ifindex persist
The new Cisco Flexible NetFlow actually allows for export of MPLS specific information (I believe it is stack lables) in addition to information on IP Address, port, etc. But you will need a tool that can support these additional fields. Otherwise you can view IP, port, protocol, etc related information from MPLS links.
Regards,
Don Thomas Jacob
ManageEngine NetFlow Analyzer

4506 switch and netflow card

folks
i have a 4506 with a netflow card installed and i'm using crannog software to read the netflow stats but i have a problem
i have the following statements on my switch config
ip route-cache flow
ip flow ingress
ip flow-cache timeout active 5
ip flow-export source GigabitEthernet4/1
ip flow-export version 5
ip flow-export destination 10.*.*.* 2055
my software is picking up the switch and the switch is exporting flows:
Flow export v5 is enabled for main cache
Exporting flows to 10.*.*.* (2055)
Exporting using source interface GigabitEthernet4/1
Version 5 flow records
820249 flows exported in 118103 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
but the software shows 0 bits for traffic
is anyone aware of any commands i'm missing (the ip route-cache command isn't available for an interface as in a router)
thanks to anyone taking the time to respond or read this

Sup7LE supports Flexible Netflow.
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/flexible-netflow/product_data_sheet0900aecd804b590b.html

NetFlow/NetQOS on a 3750x switch

Hello, I have 3750x running c3750e-universalk9-mz.122-55.SE5 layer 3 capable. Im trying to enable net flow on the switch but for some reason the flow commands dont appear to be available in config t mode. Are there some other global commands that have to be enabled first in order for the netflow commands to be available or is it the image that doesnt support netflow?
Andy

Thanks Rajeevsh,
I ran the command I got the output below, i do see ipbase in there but dont know if that means its active..
Maybe it needs to have IP services as you pointed out..
Thanks for looking at this..
andy
inmu-tcs-inet1-sw#sh license all
License Store: Primary License Storage
StoreIndex: 0 Feature: lanbase Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Priority: Medium
License Count: Non-Counted
StoreIndex: 1 Feature: ipbase Version: 1.0
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
License Store: Evaluation License Storage
StoreIndex: 0 Feature: ipservices Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Priority: None
License Count: Non-Counted
I also ran it on another 3750x where netflow commands seem to work and the output is different..see below:
dmz-srvdist1a-sw#sh license all
License Store: Primary License Storage
StoreIndex: 0 Feature: ipbase Version: 1.0
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
License Store: Evaluation License Storage
StoreIndex: 0 Feature: ipservices Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Priority: None
License Count: Non-Counted

Enabling Netflow on Production 6500 Core switch

Hi All,
I am looking for a little expert advise regarding Cisco Netflow. For monitoring I need to enable Netflow feature on 6500 core switch or 6500 load balancer with CSM module installed, but I am just concern about the CPU hits on the devices. we are not using any dynamic routing protocols. Can someone please advise how will it effect on the local resources when using Netflow? Is it fine if I enable this feature on these devices in production?
Thanks in advance,

Hi Mudassar,
Enabling netflow will not have a major impact on CPU or memory but you will want to keep a close eye on the switches TCAM utilisation. Features like netflow, TCP intercept and WCCP can use resources from “NetFlow TCAM Table”.
Use the "show mls netflow table-contention detailed" command to monitor TCAM utilisation.
Regards
Brett

Netflow on Cisco Catalyst 3750 Metro Series Switches

Does netflow possible in 3750 metro series?

Hi Syed,
You have to first check if there is any image in switch or not so that you can manually boot from switch: prompt but as you said there is no image in the switch you have to go for xmodem procedure to upgrade the switch.
Have a look at this link and just follow step by step instructions and you will be good to go
http://www.cisco.com/en/US/products/hw/switches/ps607/products_tech_note09186a00800946e5.shtml#xmodem
HTH, if yes please rate the post.
Ankur

NETFLOW ON SWITCHES?

Guys,
I have a C3560 (C3560-HBOOT-M) Version 12.2(25r)SE1, RELEASE SOFTWARE
MODEL WS-C3560G-24TS-S
Would it be possibel to configure netflow on this device.
I don't see any ip route-cache flow command.
Looking forward to your answers.
Nik

Netflow is not suported on Catalyst 3560 switches. Cisco doesn't document it very well as far as I've seen.
Think of Netflow as primarily a router technology. While most switches also route, the access switches (such as 3560 series) don't have the support for Netflow built into them. 4500 and 6500 series switches handle it via add-on to the low end supervisors (i.e. NFFC for some 4500 supervisors) or high end supervisors (such as Sup-720 in 6500's)
This 3rd party link may be useful: http://www.manageengine.com/products/netflow/help/cisco-netflow/netflow-ios-versions.html
Also: http://support.caligare.com/kb/entry/42/
Hope this helps.

Solarwinds Netflow products what will work with a 3850-switch

Does anybody know….what Solar winds product will do Net Flow with Cisco 3850-switches? I know Net Flow Configurator will not work….but what about Net Flow Real-time for a Cisco 3850 switch?

For a lot of people, it is not neccessary. I used to ask myself that question until I came across a need for things that iLife and the Finder would not do.
Toast is a great program with a lot of features that just are not standard on a Mac.
You can make music DVDs. You can span a HD backup over multiple disks. You can make hybrid PC/Mac disks. It has DVD compression tools to fit a 8.5GB dual-layer DVD onto a single layer 4.7GB DVD.It suppoprts OGG and FLAC audio formats. You can turn your iMovie and iDVD projects into DivX disks.
It also has lots of nice tools to clean up audio that is imported from a noisy source - like vinyl.
It is all in all a very useful program, but not unless you need any of those features of course.

NAT problems on a L3 3650 switch

So, I am trying to setup NAT on our new 3650 switch running IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.00E RELEASE SOFTWARE
This simple setup involves a layer 3 port (1/0/46) to our gateway and a Vlan for NAT
My hosts on my NAT Vlan (Vlan 2) do not seem able to ping anywhere else than the switch itself (all its interfaces) and their local subnet. Pings from the switch to outside are fine (NAT debug enabled):
Switch#ping 8.8.8.8 source 192.168.122.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.122.1
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/66/70 ms
Switch#
*Nov 10 14:27:04.145: NAT: ICMP id=1->1025
*Nov 10 14:27:04.145: NAT: s=192.168.122.1->165.211.28.194, d=8.8.8.8 [5]
*Nov 10 14:27:04.210: NAT: ICMP id=1025->1
*Nov 10 14:27:04.210: NAT: s=8.8.8.8, d=165.211.28.194->192.168.122.1 [0]
Running Config:
! Last configuration change at 13:51:06 UTC Mon Nov 10 2014
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
hostname Switch
boot-start-marker
boot system switch all flash:packages.conf
boot-end-marker
vrf definition Mgmt-vrf
address-family ipv4
exit-address-family
no aaa new-model
switch 1 provision ws-c3650-48ps
ip routing
ip dhcp excluded-address 192.168.122.1
ip dhcp pool Pool14
import all
network 192.168.122.0 255.255.255.0
dns-server 165.211.29.1
default-router 192.168.122.1
domain-name my.domain
crypto pki trustpoint TP-self-signed-1875358754
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
redundancy
mode sso
class-map match-any non-client-nrt-class
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
interface GigabitEthernet1/0/46
description conf GW
no switchport
ip address 165.211.28.194 255.255.255.192
ip nat outside
interface GigabitEthernet1/0/47
switchport access vlan 2
spanning-tree portfast
spanning-tree bpduguard enable
interface GigabitEthernet1/0/48
switchport access vlan 2
spanning-tree portfast
spanning-tree bpduguard enable
interface Vlan1
no ip address
shutdown
interface Vlan2
ip address 192.168.122.1 255.255.255.0
ip nat inside
ip nat inside source list 61 interface GigabitEthernet1/0/46 overload
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 165.211.28.193
access-list 61 permit 192.168.122.0 0.0.0.255
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
line vty 5 15
login
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
ap group default-group
end
I also tried using a Vlan (+nat outside) instead of the Layer3 port (1/0/46) with the same results

Hello Paul,
1)yes the public addressing is correct. Our gateway is 165.211.28.193/26 and my public is setup 165.211.28.194/26.
2) Ip routing is enabled on the switch as you can see on my configuration
3)Switch#sh sdm prefer
Showing SDM Template Info
This is the Advanced (low scale) template.
Number of VLANs: 4094
Unicast MAC addresses: 32768
Overflow Unicast MAC addresses: 512
IGMP and Multicast groups: 4096
Overflow IGMP and Multicast groups: 512
Directly connected routes: 16384
Indirect routes: 7680
Security Access Control Entries: 1536
QoS Access Control Entries: 3072
Policy Based Routing ACEs: 1024
Netflow ACEs: 768
Wireless Input Microflow policer ACEs: 256
Wireless Output Microflow policer ACEs: 256
Flow SPAN ACEs: 512
Tunnels: 256
Control Plane Entries: 512
Input Netflow flows: 8192
Output Netflow flows: 16384
SGT/DGT entries: 4096
SGT/DGT Overflow entries: 512
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.

Netflow on L2 switch

Similar Messages

Maybe you are looking for