I have been looking all over the place. Does anyone have a sample configuration of how to setup Netflow on a Cisco 3560 Switch. Your help would be much appreciated. Thanks in advance.
It appears that Netflow is not supported on a 3560.
ip flow-aggregation cache
ip flow-cache entries
ip flow-export
Catalyst 3560 series switches do not support NetFlow. You can see the necessary commands on config mode but they are not effective. It is not about IOS version or feature set. You need a modular switch for NetFlow.
Older 3560's do not support NetFlow:
Some newer models when combined with the right service module and IOS version appear to be NetFlow capable. A few references include:
Even if the switch does not support NetFlow you still have a couple of options. The main feature to leverage is a SPAN port and that particular switch has the capabilities for two monitoring sessions. Using a monitoring session you can focus on a few ports or an entire VLAN. For example, let’s say I wanted to monitor my default VLAN and I wanted to send a copy of the traffic out to GigabitEthernet0/10, the two commands I would need to issue would be:
monitor session 1 source vlan 1 bothmonitor session 1 destination interface GigabitEthernet0/10
Once you have the SPAN port setup you could then use something like nprobe to convert the raw packets into flow data. If you are not looking to deploy an appliance to do this you could virtualise it. I just put this video together which shows how you can deploy a virtual appliance which can connect to a SPAN port on a physical switch. The LANGuardian system shown does a lot more with the packet data than nprobe as it uses deep packet inspection technology to extract further information from the packets.
https://www.youtube.com/watch?v=0Rj8zvJnc1I
