DNAC / Stealthwatch / Application Visibility and et-analytics questions

Hello all,

We have an implementation of DNAC and Stealthwatch in our infrastructure. We also have enabled et-analytics on our SDA switches via DNAC. I am not quite sure what the configuration on the switches should be in order for Stealthwatch to show information regarding both applications and ETA. For example, on our remote branches (ISR4321 routers), I have created a flow record, a flow monitor and a flow exporter, I have enabled NBAR on the interfaces I want to monitor, applied the flow monitor input command and also enabled et-analytics under the interface. So I get all the information I want in Stealthwatch.

How can I do exactly the same thing in order to receive traffic from our SDA switches? I understand that if et-analytics is enabled on an interface, I cannot apply a flow monitor under the same interface. How do I get information regarding the applications? Do I have to globally enable application visibility via DNAC? In such a case, should DNAC be the flow collector destination or the SNA flow collector? Will there be a conflict if both application visibility and et-analytics are enabled on SDA switches? I remember reading about this somewhere, but I might be mistaken.

I am sorry for all the questions, but I cannot find any documentation that clearly describes what to do when having DNAC/SNA and ETA enabled.

Thanks in advance,

Katerina
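The branch-router setup described in the post above, written out as an added example for reference (it is not the poster's own configuration). The collector address 192.0.2.10, the names SW-RECORD, SW-EXPORTER and SW-MONITOR, and the interface are placeholders. As the thread notes, the Catalyst SDA switches refuse a flow monitor and et-analytics on the same interface, so this combined layout applies to the ISR4321 only.

```text
! --- Flexible NetFlow record: 5-tuple key plus the NBAR application name ---
flow record SW-RECORD
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match flow direction
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
!
! --- Exporter: point at the Flow Collector (or a UDP Director / Telemetry
! --- Broker that fans out to both Stealthwatch and DNAC). 192.0.2.10 is a
! --- placeholder. The application-table option lets the collector map
! --- NBAR application IDs to names.
flow exporter SW-EXPORTER
 destination 192.0.2.10
 source Loopback0
 transport udp 2055
 template data timeout 30
 option application-table timeout 300
!
flow monitor SW-MONITOR
 exporter SW-EXPORTER
 record SW-RECORD
 cache timeout active 60
 cache timeout inactive 15
!
! --- ETA is configured globally; its export goes to the same placeholder
! --- collector so that NetFlow and ETA records can be correlated there.
et-analytics
 ip flow-export destination 192.0.2.10 2055
 inactive-timeout 15
!
! --- Per-interface: NBAR classification, the flow monitor on ingress,
! --- and ETA on the same interface (permitted on the ISR4321).
interface GigabitEthernet0/0/1
 ip nbar protocol-discovery
 ip flow monitor SW-MONITOR input
 et-analytics enable
```

Verify on the router with `show flow monitor SW-MONITOR cache` and `show et-analytics` that both feeds are exporting before checking the collector side.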

 

Accepted Solution

Torbjørn
Spotlight

I believe the easiest way to achieve this will be to set up a Cisco Telemetry Broker/UDP Director that can route NetFlow to both Stealthwatch and DNAC.

Torbjrn_0-1729161897182.png

Alternatively it should be possible to provision the required configuration with templates, as long as you adhere to the restrictions outlined in this configuration guide: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9400/software/release/16-8/configuration_guide/nmgmt/b_168_nmgmt_9400_cg/b_168_nmgmt_9400_cg_chapter_01000.pdf 

Torbjrn_1-1729162074669.png

 

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev


4 Replies


Traffic patterns from NetFlow are the source for ETA. It doesn't matter how you enable it; the main point is to collect and share with the Cisco cloud :0)

Torbjørn
Spotlight

@katerina.dardoufa

I discovered that the proper way to integrate Stealthwatch is as an "external service" configured in DNAC and added under network settings > network. See the slides from slide 67 in the following Cisco Live presentation slide-deck: https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2024/pdf/BRKOPS-2038.pdf 


Hi Torbjørn,

We have integrated SNA with DNAC via external services. What got me really confused is that before enabling ETA I had configured DNAC to be the NetFlow collector in order to view graphs of SGT traffic under Policy --> Group Based Access Control --> Overview. I had set up NetFlow for SGT and enabled the flow monitor on all interfaces in order to get the information, and it was showing correctly in the "Explore Traffic Flows for Security Groups" graph. After enabling ETA it was obvious that NetFlow should be removed from the interfaces in order for ETA to take effect. Et-analytics now pointed towards SNA. So that is when I started wondering if I am losing information on DNAC when removing NetFlow from the interfaces and sending ETA traffic to SNA. I have a feeling that the graph "Explore Traffic Flows for Security Groups" does not show all SGTs, since there is a group called "SGT Assignment not available", but I guess I can live with that since I suppose I can get the same info from SNA (?).
