Netflow configuration on 4510 switch

Hi everyone,
I have a 4510 with sup7e and I would like to deploy netflow on this switch. The network will contain the 4510 switch where there will be 4 blades installed, each blade contains a separate Zone (vlan) . These 4 zones will then trunk upto a firewall via ten gig link over sub-interfaces. There will be an ip address assigned to each vlan on the 4500 switch but there can not be routing enabled between the vlans on the switch. If anyone could describe or show if it is possible to configure netflow with this scenario, it would be very much appreciated.

You will need the IP services (or above) image with the Sup 7E on a Catalyst 4k. Assuming you have that, I believe you can use flexible Netflow and set up a separate flow exporter with each of your zones' SVI as the source.
See this guide: link.

Similar Messages

  • Configure WCCP on a 4510 switch

    I have to configure an instance of a WCCP on a 4510 switch and I have to admit  have read the examples given by Cisco but dont have understanding of the example config
    Router(config)#
    ip wccp web-cache group-address 224.1.1.100 password alaska1
    I have attached the config in question above and could someone please clarify what the group address  224.1.1.100 is ?
    Many Thanks
    Mark

    Now I have used what you say which is
    ip wccp 99 group-list websense_proxy (Proxy server) but it does not give the option to create redirect list and this is the out put of sh ip wccp
    Service Identifier: 99
            Number of Service Group Clients:     0
            Number of Service Group Routers:     0
            Total Packets s/w Redirected:        0
              Process:                           0
              CEF:                               0
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   websense_proxy
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0 Service Identifier: 99
            Number of Service Group Clients:     0
            Number of Service Group Routers:     0
            Total Packets s/w Redirected:        0
              Process:                           0
              CEF:                               0
            Redirect access-list:                -none-
            Total Packets Denied Redirect:       0
            Total Packets Unassigned:            0
            Group access-list:                   websense_proxy
            Total Messages Denied to Group:      0
            Total Authentication failures:       0
            Total Bypassed Packets Received:     0

  • How to: Netflow on a L3 Switch WS-C3560X-48P

    Hello Community,
    I want to use netflow on our l3 switches. But my configurations dont work.
    What is my mistake? 
    Modell: WS-C3560X-48P
    Software Version: 15.0(1)SE3
    My Config:
    interface vlan 250
     ip flow monitor Monitor-FNF input
     ip flow monitor Monitor-FNF output
    flow record Record-FNF
     description Flexible NetFlow with NBAR Flow Record
     match ipv4 tos
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     collect routing next-hop address ipv4
     collect transport tcp flags
     collect interface output
     collect counter bytes
     collect counter packets
    flow exporter Export-FNF
     description DescriptionTEXT
     destination [NetFlow collector IP address]
     source vlan50
     transport udp 9001
     export-protocol netflow-v9
    flow monitor Monitor-FNF
     description FNF/NBAR Application Traffic Analysis
     record Record-FNF
     exporter Export-FNF
     cache timeout active 60
     cache timeout inactive 10

    Silly question but do you have a network services module installed? 
    From the documentation: "Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image."
    It actually also mentions: "NetFlow analysis is performed on traffic crossing the physical interfaces on the network services module." 
    Sourced from here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmnetflow.html

  • Best way to remove CSM configuration from a switch

    have a redundant pair of CSM , would like to move slave CSM to a new switch, what is quickest way to eliminate all configuration from this switch so the same can be installed on the new switch , without reloading the switch or causing any downtime to already existing connections through the master CSM.

    HI Imre,
    Kindly read the following section for the required :
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/redun.html#wp1047388

  • WAAS Configuration for 3750 Switch

    I am configuring a 3750 switch with 12.2(52)SE according to:
    (from https://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/3750_scg.pdf )
    This example shows how to configure SVIs and how to enable the web cache service with a multicast group list. VLAN 299 is created and configured with an IP address of 175.20.20.10. Gigabit Ethernet port 1 is connected through the Internet to the web server and is configured as an access port in VLAN 299. VLAN 300 is created and configured with an IP address of 172.20.10.30. Gigabit Ethernet port 2 is connected to the application engine and is configured as an access port in VLAN 300. VLAN 301 is created and configured with an IP address of 175.20.30.50. Fast Ethernet ports 3 to 6, which are connected to the clients, are configured as access ports in VLAN 301. The switch redirects packets received from the client interfaces to the application engine.
    Note Only permit ACL entries are being used in the redirect-list; deny entries are unsupported.
    Switch# configure terminal
    Switch(config)# ip wccp web-cache 80 group-list 15
    Switch(config)# access-list 15 permit host 171.69.198.102
    Switch(config)# access-list 15 permit host 171.69.198.104
    Switch(config)# access-list 15 permit host 171.69.198.106
    Switch(config)# vlan 299      WEB  SERVER
    Switch(config-vlan)# exit
    Switch(config)# interface vlan 299
    Switch(config-if)# ip address 175.20.20.10 255.255.255.0
    Switch(config-if)# exit
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 299
    Switch(config)# vlan 300 WAE
    Switch(config-vlan)# exit
    Switch(config)# interface vlan 300
    Switch(config-if)# ip address 171.69.198.100 255.255.255.0
    Switch(config-if)# exit
    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 300
    Switch(config-if)# exit
    Switch(config)# vlan 301 CLIENTS
    Switch(config-vlan)# exit
    Switch(config)# interface vlan 301
    Switch(config-if)# ip address 175.20.30.20 255.255.255.0
    Switch(config-if)# ip wccp web-cache redirect in
    Switch(config-if)# exit
    Switch(config)# interface gigabitethernet1/0/3 - 6
    Switch(config-if-range)# switchport mode access
    Switch(config-if-range)# switchport access vlan 301
    Switch(config-if-range)# exit
    ===================================================================
    Question:  How do I configure my WAE to play nicely with this switch?

    Hi James,
    Here is the link to WCCP config part on WAE:
    http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/configuration/guide/traffic.html#wp1041742
    In your case, if my understanding is right, VLAN300 is where you want to connect WAE and WAE is also L2 adjacent. if that is true, here is the config you need on WAE:
    wccp router-list 1 171.69.198.100
    wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return
    wccp version 2
    Please note that 3750 supports L2 redirection only with redirect IN statements on 3750 interfaces connected to servers and clients.
    Hope this helps.
    Regards.

  • Where prime saves configuration files of switches from invetory

    Hi Guys,
    we are using PI 1.3.
    PI monitor and manage several switches. (about 30 devices)
    I want to review the configuration of the switches with a text editor so it would be great if I could access the configuration files which PI creates by the background task "switch inventory".
    Does anyone know where the PI store these files?
    Thanks and Regards, Alexander

    Hi Alex,
    Check the below post ,hope it will answer your query :
    https://supportforums.cisco.com/discussion/11852236/pi-where-devices-archive-files-are-located#3975460
    Thanks-
    Afroz
    ***Ratings Encourages Contributors ****

  • Netflow configuration with snmp version 3

    Dear All,
    I have configured snmp version 3 but while i am putting the IP address in netflow software during the time i am getting error . I am suspecting issue with the netflow configuration.
    Below is the configuration. Please let me know what configuration are required
    snmp-server group ROGROUP v3 priv
    snmp-server user monitor ROGROUP  v3  auth md5 abc  priv aes 128 abc access 30

    Now the issue has been resolved after changing the netflow version 5 to 9 from cisco device.

  • CSM 4.4sp1 netflow configuration for ASA

    Hi,
    We are running Cisco Security Manager 4.4 service pack 1 and our ASA's are all running 9.0.2/9.1.1
    I've hit a problem with export to netflow from my ASA firewalls configured through CSM.
    We configure the netflow export under platform/logging and enable flow export. Looking at the "show flow-export counters" on the ASA very few flows are exported however and no netflow shows up in our netflow analyzer.
    Looking at the deployment this is what is deployed (for netflow):
    ! COMMENT: Bulk request written; reading response...
    Line# 2. (SUCCESS) Sent (Fri Jun 07 08:50:05 CEST 2013): flow-export template timeout-rate 1
    Received (Fri Jun 07 08:50:05 CEST 2013):
    Line# 3. (SUCCESS) Sent (Fri Jun 07 08:50:05 CEST 2013): flow-export destination outside 146.2.217.125 19996
    Received (Fri Jun 07 08:50:05 CEST 2013):
    Line# 4. (SUCCESS) Sent (Fri Jun 07 08:50:05 CEST 2013): flow-export delay flow-create 60
    As I understand it I need to match what traffic to export to netflow which is setup as a service policy rule. I cannot find any option to export to netflow under the service policy rules however (only IPS,CXSC, Connection Settings, QoS, CSC, User statistics and Scansafe).
    I configured a flexconfig to append to the configuration and this seems to export the data until the next time a policy is pushed. The configuration changes done by the flexconfig are then removed from the ASA and netflow stops working.
    My flexconfig (append) looks like this:
    access-list netflow-hosts extended permit ip any any
    class-map NetFlow-traffic
      match access-list netflow-hosts
    policy-map global_policy
    class NetFlow-traffic
      flow-export event-type all destination X.X.X.X
    Have anybody found a way to get netflow export work correctly when configured using CSM?
    -Michel

    Try adding in the following line under flexconfig with the rest of your netflow configurations.
    flow-export template timeout-rate 1
    These are my flexconfig on my firewalls using CSM:
    access-list global_mpc extended permit ip any any
    class-map global-class
    match access-list global_mpc
    policy-map global_policy
    class global-class
      flow-export event-type all destination x.x.x.x
    flow-export template timeout-rate 1

  • CiscoWorks:Archieve configurations of routers/switches with only ssh/telnet

    Hi,
    I want to do the archieve configurations of couple of routers/switches with only ssh/telnet and rest thousands of devices will be via snmp.
    Currently I am backing up the configurations of thoudands of  routers/switches via snmp, as snmp is configured on them, but couple of routers/switches are external and snmp is not configured on them so I want to get their configuration via ssh/telnet only.
    Please advise me that is it possible to do the archieve configurations of routers/switches with only ssh/telnet?
    I am using the
    LMS: 1.2.0
    RME: 4.3.0
    CS:    3.3.0
    CM:   5.2.1
    DFM: 3.2.0
    Thanks

    The config archive protocol order applies to all devices universally.  Since you are using TFTP for most of your devices, I recommend you leave TFTP at the top of the protocol order list.  Add TELNET and SSH below TFTP.  The external devices will be attempted with SNMP/TFTP, but those operations will fail.  RME will then fall back to TELNET then to SSH.  It will eventually fetch the configuration successfully.

  • Ntop netflow configuration help

    Looking for some direction on getting NTOP to work.  I have the app installed, can access it.  I've configured my 2821 router with Netflow per the example configuration, using the Internet interface as source, and the onplus LAN as destination.  I'm not using the MON port.  My NTOP webpage shows nothing, no packets, summary, etc are all blank.  My router shows no errors when I run "sh ip flow export".  What am I missing???

    That might be it ... you will need to 'active' the NTOP plugin for Netflow. Once it is activated, you will see the 'NetFlow device in the list of devices on the 'Global Taffic Statistics' page. Remember to set the port within the NTOP configuration to 2055 as well.
    As for the LAN and MON ports, the LAN port is eth0 and the MON port is eth1. These are only generic passive listening ports and generally, only the 'eth1' port is useful, when connected to a mirror/span port on a switch/router. Neither of these are useful for NetFlow.
    Robert

  • 802.1x configuration for 3500 switch and 2800 switc

    Can anyone point me to a document on how to do a 3500 switch 802.1x configuration as well as a 2800 switch? How do you define the server auth-port? Thanks

    Even tough this link is for CAT6k, it has some very useful screen-shots that will help you to successfully implement dot1x:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00801d11a4.shtml
    Regards
    Farrukh

  • Configuring SNMpv3 in switch 2960 and connect to cisco prime 6.3

    hi
    I configuring the parameters in the switch for snmp v3 and the cisco prime, but i don´t have any response
    but, I configure snmp version1 this work
    in the scree on the cisco prime, don´t appear this field´s to configure all parameters for snmpv3
    any idea??
    thanks

    Hi ,
    share your SNMPv3 config  or I have attached the sample SNMPv3 config , kindly check or reconfigure it and see if it help
    Thanks-
    Afroz
    ***Ratings Encourages Contributors ***

  • Error when removed netflow configuration

    I want to remove netflow config, but when I "no ip flow monitor XXXX output" from PORT-PROFILE (type vethernet),
    there is a vethernet interface combined this command "ip flow monitor XXXX output" unexpectedly.
    And I got an error message when I "no ip flow monitor XXXX output" from this vethernet interface.
    Nexus-BIZ(config-if)# no ip flow monitor NAM-BIZ output
    2013 Apr 12 08:47:42 Nexus-BIZ %NFM-2-VERIFY_FAIL: Verify failed - Client 0xff010266, Reason: unknown error, Interface: Vethernet48
    Verify failed - Client 0xff010266, Reason: unknown error, Interface: Vethernet48
    Error: could not allocate resources for command
    Do anyone know how to remove this configuration?

    Check that listener for your standby database has proper handler for PIJ10G2_DGMGRL service name. Use static registration for this.
    Then, Protection Mode: MaxAvailability implies SYNC log transport mode. Check this option too in your log_archive_dest_NN settings.
    Best Regards,
    Alex

  • Where is the complete configuration for catos4000 switch?

    thank you!

    Hi Friend,
    Here is the complete configuration guide for catos 4k switch
    For release 7.x
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/rel7_1/config/index.htm
    Complete details about 4k switch with command reference
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/rel7_1/index.htm
    HTH
    Ankur

  • Cisco 6506 Netflow configuration

    I configured netflow to capture data received by vlan 950. 
    vlan 950 has an ip 10.198.0.12. But the output is capturing only packets with source ip of this subnet only.
    why is it not showing any traffic received from outside? or sent to outside hosts?

    Hi Rafael,
    you need an Assurance License for that feature to work
    check the below link:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/guide_c07-714720.html
    Thanks-
    Afroz
    [Do rate the useful post]

Maybe you are looking for

  • EFI update

    Well, Ihad a doubt but finally I tryed this update...Now I'm looking to a black screen (for over 2hours) and did exactly what apple said : Shut down, hold down the power button until the led start to flash rapidly...It did so I release the power butt

  • Flash player not working on ADOBE SITE (tutorials) but does everywhere else!

    i have installed the latest version and i keep getting messages saying that i need to install the latest version. Nuts! what's up? i do have 'clicktoflash' installed which prevents ANY flash content running until i click on the content. it works fine

  • Fast user switching and "ipod is in use by another user on this computer"

    Is there any way to suppress the "ipod is in use by another user on this computer" message that appears when you use fast user switching. my wife and I share a mac pro and when flipping between sessions, this message gets to be a bit annoying. i.e. i

  • How to design this BO?

    This picture shows the result which I want ,however,I don't konw how to design the BO! Can anybody help me ? Best Regards!

  • Tabbed Panel Widget is too wide for the Phone Layout.

    Is it possible to reduce the width of the Tabbed Panel Widget for use on the Phone layout? When I grab a handle on the widget box and re-size it to the smaller width of the Phone layout, it springs back. There does not seem to be a way to adjust the