
6. CISCO Catalyst 9300 DNA Advantage – Netflow with Stealthwatch (Wired AVC not supported)

The C9300 doesn’t support Wired AVC Flexible NetFlow and can’t export NetFlow, but you can see NetFlow data on the switch if you use the configuration below:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-8/configuration_guide/sys_mgmt/b_168_sys_mgmt_9300_cg/b_168_sys_mgmt_9300_cg_chapter_0100.html#reference_lq4_l5l_j1b

If you still want to use Stealthwatch for monitoring, you can use the legacy configuration below:

flow record FNF-input
 description IPv4 NetFlow
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 protocol
 match interface input
 match ipv4 tos
 match flow direction
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect transport tcp flags
 collect timestamp absolute first
 collect timestamp absolute last

flow record FNF-output
 description IPv4 NetFlow
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 protocol
 match interface output
 match ipv4 tos
 match flow direction
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect transport tcp flags
 collect timestamp absolute first
 collect timestamp absolute last

flow exporter stealthwatch
 destination 192.168.103.81
 source vlan 102
 transport udp 2055
 template data timeout 60

flow monitor Scrut_mon_input
 description IPv4 FNF ingress exports
 exporter stealthwatch
 record FNF-input
 cache timeout active 60

flow monitor Scrut_mon_output
 description IPv4 FNF egress exports
 exporter stealthwatch
 record FNF-output
 cache timeout active 60

interface GigabitEthernet1/0/2
 ip flow monitor Scrut_mon_input input
 ip flow monitor Scrut_mon_output output

# % Flow Monitor: Failed to add monitor to interface: Invalid set of fields in monitor record for wired interface
https://community.cisco.com/t5/switching/flow-monitor-configuration-failure-on-cat-3850-with-match/td-p/3692339
https://thwack.solarwinds.com/product-forums/netflow-traffic-analyzer-nta/f/forum/26696/netflow-nbar2-nta-configuration-with-cisco-catalyst-3850
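
To confirm at the collector that the export really carries the fields defined in FNF-input, the template the switch sends can be decoded and compared with the record. This is an added example, not part of the original post: it assumes the exporter uses NetFlow v9 (the Flexible NetFlow default export protocol) and that the record keywords map to the field type IDs in FIELD_NAMES; the sample datagram is constructed.

```python
import struct

# NetFlow v9 field type IDs (RFC 3954 / IANA IPFIX registry). Mapping these to
# the FNF-input keywords is an assumption of this example, not from the page.
FIELD_NAMES = {
    8: "ipv4_src", 12: "ipv4_dst", 7: "src_port", 11: "dst_port",
    4: "protocol", 10: "input_if", 5: "tos", 61: "direction",
    14: "output_if", 1: "bytes", 2: "packets", 6: "tcp_flags",
    152: "first_ms", 153: "last_ms",
}

def parse_templates(datagram):
    """Return {template_id: [(field_type, length), ...]} for one v9 datagram."""
    if len(datagram) < 20 or struct.unpack_from("!H", datagram, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    templates, offset = {}, 20  # the v9 packet header is 20 bytes
    while offset + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, offset)
        if length < 4 or offset + length > len(datagram):
            raise ValueError("bad FlowSet length %d" % length)
        pos, end = offset + 4, offset + length
        while flowset_id == 0 and pos + 4 <= end:  # FlowSet ID 0 = templates
            tid, nfields = struct.unpack_from("!HH", datagram, pos)
            if tid < 256:  # trailing padding, not a template
                break
            if pos + 4 + 4 * nfields > end:
                raise ValueError("template %d truncated" % tid)
            templates[tid] = [struct.unpack_from("!HH", datagram, pos + 4 + 4 * i)
                              for i in range(nfields)]
            pos += 4 + 4 * nfields
        offset += length
    return templates

def missing_fields(template, expected=FIELD_NAMES):
    """Names of expected fields that the exporter's template does not carry."""
    seen = {ftype for ftype, _ in template}
    return sorted(name for ftype, name in expected.items() if ftype not in seen)

def build_sample(fields, template_id=256):
    """Constructed test datagram: v9 header plus one template FlowSet."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", t, l) for t, l in fields)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

# Constructed sample: the FNF-input layout with the TCP flags field left out.
SAMPLE = build_sample([(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (10, 4), (5, 1),
                       (61, 1), (14, 4), (1, 8), (2, 8), (152, 8), (153, 8)])
```

On a collector, the same functions can be fed datagrams read from a UDP socket bound to port 2055; a non-empty result from `missing_fields` means the telemetry reaching Stealthwatch is narrower than the record on the switch suggests.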


Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has a passion for both hardware and software and writes articles and reviews for many IT websites.
