
The Cisco 3750x switch does not support NetFlow natively, but the C3KX-SM-10G module has ASICs that support NetFlow.  With the C3KX-SM-10G module, NetFlow can only be run on the 4 interfaces in the module — this does not add NetFlow on the entire switch.

It is, however, possible to capture the switch’s traffic and port mirror (SPAN) it over to one of the C3KX-SM-10G interfaces so that it can be exported as NetFlow.  The problem is that in order to mirror traffic to a port and export NetFlow, the port must be in an UP state.  To force the port up, we took an LC fiber patch cable, split apart the plastic end, and pulled the cable apart so that we had 2 single fiber strands.  Then we plugged in an SFP and connected the port to itself by looping a single fiber back to the same SFP.  Use caution with this, as it will create a loop.  It might be better to set up the mirror first, as that puts the port in the UP/DOWN state that I’ll mention later.

LC Patch Cable Loop

First set up the port mirroring, selecting the source VLANs or interfaces.  Point the SPAN destination at the C3KX-SM-10G interface that has the fiber loop.

monitor session 5 source vlan 1 - 5 , 7 , 100
monitor session 5 destination interface Gi4/1/2

Then set up the NetFlow export.  Start by defining the flow record.

flow record NETFLOW
 match datalink source-vlan-id
 match datalink dot1q priority
 match datalink mac source-address
 match datalink mac destination-address
 match ipv4 version
 match ipv4 tos
 match ipv4 ttl
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input physical snmp
 collect interface output snmp
 collect counter flows
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last

Then set up the NetFlow export parameters and bind the record to the exporter in a flow monitor.

flow exporter EXPORT
 destination 10.100.1.5
 source Vlan7
 transport udp 2055
 option interface-table timeout 60
!
!
flow monitor NETFLOW
 record NETFLOW
 exporter EXPORT
 cache timeout active 60

Lastly, configure the port on the C3KX-SM-10G to export the flow.  We had to disable UDLD in order to allow the fiber loop.

interface GigabitEthernet4/1/2
 ip flow monitor NETFLOW layer2-switched input
 udld port disable

Please note that if you show the interface (i.e. “show interface gig 4/1/2”) the port will show UP/DOWN because the port is monitoring:

GigabitEthernet4/1/2 is up, line protocol is down (monitoring)
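
To confirm from the collector side that the exporter is sending the fields the flow record defines, the added example below (not part of the original post) parses NetFlow v9 template FlowSets from datagrams received on UDP 2055 and lists the exported fields, rejecting malformed lengths. It assumes the exporter uses the NetFlow v9 format (RFC 3954); the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct
# RFC 3954 field-type IDs for fields named in the flow record above (subset).
FIELDS = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
          8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
          56: "IN_SRC_MAC", 58: "SRC_VLAN"}

def parse_templates(pkt):
    """Return {template_id: [(field_type, length), ...]} for one v9 datagram."""
    if len(pkt) < 20 or struct.unpack_from("!H", pkt)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    templates, off = {}, 20                      # skip the 20-byte export header
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, off)
        if fs_len < 4 or off + fs_len > len(pkt):
            raise ValueError("FlowSet length outside datagram")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:     # FlowSet ID 0 carries templates
            tid, nfields = struct.unpack_from("!HH", pkt, pos)
            if tid < 256:                        # zero padding, not a template
                break
            pos += 4
            if pos + 4 * nfields > end:
                raise ValueError("template runs past its FlowSet")
            templates[tid] = list(struct.iter_unpack("!HH", pkt[pos:pos + 4 * nfields]))
            pos += 4 * nfields
        off = end                                # data FlowSets are skipped
    return templates

def field_names(template):
    return [FIELDS.get(ftype, f"type_{ftype}") for ftype, _ in template]

def build_sample():
    """Constructed datagram with one template (ID 256); not a real capture."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (56, 6), (58, 2), (1, 4), (2, 4)]
    body = struct.pack("!HH", 256, len(fields))
    body += b"".join(struct.pack("!HH", *f) for f in fields)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

if __name__ == "__main__":
    print(field_names(parse_templates(build_sample())[256]))
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 2055))                 # UDP port from the exporter config
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], {t: field_names(f) for t, f in parse_templates(data).items()})
        except ValueError as exc:
            print(peer[0], "rejected:", exc)
```

Run on the collector at the exporter's destination address, it prints each template the switch announces; a datagram without a template FlowSet yields an empty result until the next template is sent.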

Good luck!