© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 24 of 70
The Cisco Catalyst 3850 supports both ingress and egress FnF on all ports of the switch at line rate. Switch raw
scalability is up to 24K cached flows, whereas it is 8K for ingress and 16K for egress per UADP ASIC. The Cisco
Catalyst 3850 supports NetFlow Version 9, with IPv4, IPv6, Layer 2 flows, and sampled NetFlow. TCP flags are
also exported as part of the flow information. When Cisco Catalyst 3850 switches are stacked together, each
individual stack member exports its own flows to the collector. The Cisco Catalyst 3850 supports up to 16 flow
monitors with eight different collectors simultaneously per flow monitor. Microflow policing is supported only for
wireless clients.
The FnF feature on the Cisco Catalyst 3850 is enabled on the IP base version and earlier. The Cisco Catalyst 3850
48-port switch has two UADP ASICs per switch, and the Cisco Catalyst 3850 24-port switch has one UADP ASIC.
NetFlow Configuration on Cisco Catalyst 3850 Switch There are three components of FnF configuration: flow record, flow exporter, and flow monitor.
Flow Record
The NetFlow flow record is made up of primary fields and nonprimary fields. Primary fields are the fields from
packet headers that are used for classifying and characterizing the flow. Additional information can be added to the
flow record, and this information is contained in nonprimary fields. Match commands as seen in the following are
used to define primary fields, while collect commands are used to define the nonprimary fields.
Configuring a Flow Record (Ingress)
flow record v4
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect transport tcp flags
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
collect counter bytes layer2 long
Note: “match interface output” cannot be configured in the ingress flow monitor. In order to get the egress
interface information, use the “collect interface output” command in an ingress flow record.
Similarly, “match interface input” is not supported on an egress flow record; use “collect interface input” as shown
in the following: