Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

NetFlow setup on layer 3 devices

To "properly" monitor flows, Cisco says to monitor flows from all active interfaces on a given Layer 3 device. That would mean a router with two interfaces needs two interface licenses.

Can anyone confirm if this is true?

As an example, if I have a router with a fast ethernet interface connected to a core switch and a T1 serial link connected to a remote site, is it 'good enough' to just montior the serial link if your goal is to see all traffic to and from the remote site? Or do I need to burn another license to monitor the fast ethernet interface as well.
0 Kudos
3 Replies
Level 12

Larry is right - on some code levels you can set it up on the ingress and egress. Depends on the IOS version...

Josh Stephens
SolarWinds R&D
0 Kudos
Level 7

I would open a quick TAC case on this.
I was able to set up ingress and egress flow on my devices (at least with new code).

38xx w/ 12.4.xx
on my interface
ip flow ingress
ip flow egress
0 Kudos
Level 7

To gather the Tx and Rx flows to your remote site you will need to burn a license for both you ethernet and serial interfaces. Netflow only works on the ingress direction of the interface(with exception of using "true" MPLS and egress ip flows). So in order to see full data stream you need to have it applied to both interfaces.
0 Kudos