Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Exporting Netflow data out of Cisco 3750 to the CCE using command line

Owned by Customer Success & Engineering
Jun 21, 2019
2 min read

Configuring the Flow Exporter

Beginning in privileged EXEC mode, follow these steps to configure the NetFlow exporter. For more information about configuring Flexible NetFlow flow exporters, see the Configuring Data Export for Cisco IOS Flexible NetFlow with Flow Exporters document:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmnetflow.html#39209

Note The optional export-protocol flow exporter configuration command specifies the NetFlow export protocol used by the exporter. The switch supports only netflow-v9. Although visible in the CLI help, netflow-5 is not supported.

This example shows how to configure the flow exporter:

Switch(config)# flow exporter Seceon-CCE

Switch(config-flow-exporter)# destination IP Address of the CCE (Please note that this is an example IP, which is to be replaced with your CCE IP)

Switch(config-flow-exporter)# source vlan 1

Switch(config-flow-exporter)#  transport udp 9995

Switch(config-flow-exporter)#  template data timeout 60

Switch(config-flow-exporter)# end 

This is an example of output from the show flow exporter command:

Switch# show flow exporter Seceon-CCE

Flow Exporter QoS-Collector:

Description: QoS Collector Bldg 19

Export protocol: NetFlow Version 9

Transport Configuration:

Destination IP address: cce ip

Source IP address: switch ip

Source Interface: Vlan1

Transport Protocol: UDP

Destination Port: 9995

Source Port: 62401

DSCP: 0x3TTL: 255

Output Features: Not Used


Configuring a Customized Flow Record

This example shows how to configure a flow record:

Switch(config)# flow record

Switch(config-flow-record)# description record to monitor network traffic

Switch(config-flow-record)# match ipv4 destination address

Switch(config-flow-record)# collect counter packets

Switch(config-flow-record)# collect counter bytes

Switch(config-flow-record)# end 

This is an example of output from the show flow record command:

Switch# show flow record

flow record L2L4ipv4:

Description: User defined

No. of users: 1

Total field space: 56 bytes

Fields:

match datalink dot1q priority

match datalink mac source-address

match datalink mac destination-address

match ipv4 tosmatch ipv4 ttl

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

collect interface input snmp

collect interface output snmp

collect counter flows

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

 flow record L2L4ipv6:

Description: User defined

No. of users: 1

Total field space: 81 bytesFields:

match datalink mac source-address

match datalink mac destination-address

match ipv6 traffic-classmatch ipv6 protocol

match ipv6 source address

match ipv6 destination address

match ipv6 fragmentation flags

match transport source-port

match transport destination-port

match transport icmp ipv6 type

match transport icmp ipv6 code

collect interface input snmp

collect interface output snmp

collect counter flows

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

Seceon Inc. All rights reserved. https://www.seceon.com