The Catalyst 2950 / 2960 NetFlow Support is sought after because it is one of the most prolific switches produced by Cisco. Sometimes it seems like every company we talk to has one and since we are a NetFlow and IPFIX company, we come across a lot of consumers who want to collect NetFlow from them. Customers are in luck.
Although the Catalyst 2950 and 2960 do not natively support NetFlow, if you are willing to span a port to a NetFlow probe the insight one can gain is significant.
Here are a few NetFlow probe options:
- softflowd runs on linux and is completely free. Limited to NetFlow v5 and exports interfaces as ‘0’. Good, free tool but, not ideal.
- nProbe runs on windows and linux and costs $695. Loaded with great metrics on latency, URLs, jitter, packet loss, codec, etc. Amazing probe and it supports both NetFlow and IPFIX. Claims high performance.
- Cisco NGA 3140 Cost = ??? I haven’t worked with it but, since Cisco invented NetFlow, I’m sure it is solid. It exports traditional NetFlow and supports IPFIX. Claims high performance.
Be informed that the Catalyst 3750-X NetFlow support touted by Cisco is for Smart Logging Telemetry which is a unique NetFlow export that sends event information (i.e. sort of like syslogs) as well as captured packets. However, you can export traditional NetFlow from this switch if the C3KX module is purchased. This plugin provides NetFlow support on the uplink. The 3750-x and the 3560-X both support the C3KX.
Collecting NetFlow from the C3KX or a NetFlow probe not only provides additional insight for network traffic monitoring, it can also help with threat detection. Our NetFlow analyzer can be used for advanced persistent threat detection via Flow Analytics. To learn more, read our white paper on Fighting Advanced Persistent Threats.