WLC 5508 Configure Netflow AVC Configure

joshwa
Level 1

I am running a Cisco 5508 Wireless Controller with Software Version 8.5.151.0. The goal is to have Netflow monitoring client usage to identify clients using too much traffic and where the total overall traffic is going or coming from.

 

 

 

I am running PRTG Network Monitor 19.2.50.2842 x64 with sensor Netflow v9 Custom. I have configured inside the WLC from:

Netflow Configuration:

Wireless > Netflow > Exporter

          Name = PRTG

          Exp IP = 10.x.x.x

          Port = 9993

 

Wireless > Netflow > Monitor

          Net Mon Name = PRTG_Netflow

          Exp Name = PRTG

          Record Name = Client App Record (Better Performance).

          Apply Netflow:

 

WLAN > WLAN ID X > QoS >

          <Check Mark> Application Visibility

          Netflow Monitor = PRTG_Netflow

          Apply. At this point I was getting an error for AVC Profile, but it has disappeared.

 

Inside PRTG 

          Sensor Name: WLC Netflow v9

          Receive NetFlow Packets on UDP Port: 9993

          Sender IP: WLC Interface

 

The connection is made, but I am not getting the information inside the Tops, Talkers, Connections, Protocols. I am getting 100% information but no expected information. 

 

I am understanding what AVC is used for. I am not trying to apply access list to access on the networks, just trying to configure data points to troubleshoot problems.

 

Any help on getting the acquired data? 

 

 

4 Replies

patoberli
VIP Alumni

From the manual:

An IP traffic flow is a sequence of packets passing through a network device with common attributes like source and destination IP address & transport ports, direction, etc. Additional common attributes for wireless flow are SSID, AP MAC. These packets with common attributes are aggregated into flows and exported to the Netflow Collectors. Prior to release 8.2, controller exported Netflow data was analyzed only by PI (Prime Infrastructure) and wasn't compatible with any third party Netflow collectors.

In release 8.2 an enhanced Netflow records exporter is introduced. New Netflow v9 is sending 17 different data records (as defined in RFC 3954) to the External 3rd Party Netflow collector such as Lancope and others. Support for the Enhanced Flow Record Data Export was added on the WLC 5520, 8510 and 8540.

Prior to release 8.2 Netflow feature available on the controller sends only the IP address of the client, SSID and Application statistics. While this helps for compatible Netflow collectors like Cisco Prime to show the application statistics, it does not provide the full 5 tuple flow information and is also not compatible with many 3rd party Netflow collectors who expect 5 tuples.

The current netflow record prior to release 8.2 that WLC exports supports only the following fields:

  • Application Tag
  • Client Mac Address
  • AP Mac address
  • WlanID
  • Source IP
  • Dest IP
  • Source Port
  • Dest Port
  • Protocol
  • Flow Start Time
  • Flow End Time
  • Direction
  • Packet count
  • Byte count
  • VLAN Id–Mgmt/Dyn
  • TOS - DSCP Value
  • Dot1x username

Netflow Deployment Considerations

  • WLC supports only one monitor and exporter.
  • WLC will support only one type of Netflow record globally per controller.
  • Flow records are exported directly and will not be shown on the controller.
  • Application visibility statistics present today will continue on the controller.
  • Change to monitor parameters will require the WLAN to be disabled and enabled.
  • The new record will be supported on 8510, 5520 and 8540 controllers only.
  • 2500, 5508, 7500 and WiSM2 controllers will not be supported.
  • Netflow statistics are sent at an interval of 30 seconds (Not user configurable. Current value is 90 seconds).
  • Netflow record will be sent even for the unclassified applications with new flow record.
  • Netflow will be sent on enabling AVC on that WLAN.
  • IPv6 traffic is not supported in Netflow in release 8.2.
  • Netflow sending initial template will be sent from Control plane.
  • Netflow export on service port is not supported.


https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/Enterprise-Mobility-8-5-Design-Guide/Enterprise_Mobility_8-5_Deployment_Guide/ch5_QoS.html#pgfId-1138262

 

I've marked the important parts red.

In other words, you get the expected results.

Have you defined an AVC policy (without any marking or control) & applied it to the SSID? Configuration should be simple, follow these posts, however you need to make sure your netflow collector understands the flow format sent by the WLC

https://mrncciew.com/2013/02/12/configuring-netflow-on-wlc-7-4/ 

https://mrncciew.com/2013/02/13/who-really-support-wlc-netflow/ 

 

Even with 8.5 code, the 5508 controller does not fully support v9.0 netflow; it still sends those customized flow records & you require your netflow collector to understand that flow format

https://mrncciew.com/2016/12/19/wlc-netflow-with-aireos-8-2/ 

 

HTH

Rasika

*** Pls rate all useful responses ***
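
One way to check what the reply above asks, whether the collector can understand the flow format the WLC sends, is to decode the NetFlow v9 template (RFC 3954) from an export packet and see whether it carries the 5-tuple. This is an added example, not part of the original thread; the packet builder and both sample templates are constructed, and the field lengths are illustrative.

```python
import struct

# RFC 3954 field types that make up the 5-tuple most collectors key on.
FIVE_TUPLE = {4: "PROTOCOL", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
              11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def parse_templates(packet):
    """Return {template_id: [(field_type, length), ...]} from one v9 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version = struct.unpack_from("!H", packet, 0)[0]
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    templates, off = {}, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("flowset length runs outside the packet")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:  # FlowSet ID 0 = templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            if tid < 256 or pos + 4 + 4 * nfields > end:
                break  # padding or truncated record: stop, keep what parsed
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 + 4 * i)
                              for i in range(nfields)]
            pos += 4 + 4 * nfields
        off += fs_len
    return templates

def missing_five_tuple(fields):
    """Names of 5-tuple fields a template does not carry."""
    present = {ftype for ftype, _ in fields}
    return sorted(n for t, n in FIVE_TUPLE.items() if t not in present)

def build_packet(template_id, fields):
    """Constructed sample: v9 header plus one template flowset."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", t, l) for t, l in fields)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1560000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

# Constructed templates (lengths illustrative). IDs above the RFC 3954 set are
# IANA IPFIX elements: 95 applicationId, 147 wlanSSID, 366 staIPv4Address.
APP_RECORD = [(95, 4), (366, 4), (147, 32), (1, 8), (2, 8)]
FLOW_RECORD = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]

if __name__ == "__main__":
    for name, rec in (("client/app", APP_RECORD), ("5-tuple", FLOW_RECORD)):
        for tid, fields in parse_templates(build_packet(256, rec)).items():
            print(name, tid, "missing:", missing_five_tuple(fields) or "none")
```

To use it on real traffic, pass `parse_templates` the UDP payload of an export packet captured on the collector port (9993 in the original post); a template that reports all five fields missing is one a 5-tuple collector cannot chart as talkers or connections.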

 

Yes, I have tried an empty AVC, but inside PRTG I am showing one big gray circle saying other. There are no IPADDRs, protocols or top talkers.

Have a look first here:
https://kb.paessler.com/en/topic/66842-netflow-on-cisco-5508-wireless-controler (which basically states it's not possible with PRTG and a 5508) and afterwards here:
https://kb.paessler.com/en/topic/75561-how-can-i-monitor-a-cisco-wlc-deployment-with-prtg
I think you can monitor at least a part by using SNMP, but not by using Netflow. I guess this is not possible with PRTG and the 5508.