11-14-2019 12:48 PM - edited 07-05-2021 11:18 AM
I am running a Cisco 5508 Wireless Controller with Software Version 8.5.151.0. The goal is to have Netflow monitoring client usage to identify clients using to much traffic and where the total over all traffic is going or coming from.
I am running PRTG Network Monitor 19.2.50.2842 x64 with sensor Netflow v9 Custom. I have configured inside the WLC from:
Netflow Configuration:
Wireless > Netflow > Exporter
Name = PRTG
Exp IP = 10.x.x.x
Port = 9993
Wireless > Netflow > Monitor
Net Mon Name = PRTG_Netflow
Exp Name = PRTG
Record Name = Client App Record (Better Performance).
Apply Netflow:
WLAN > WLAN ID X > QoS >
<Check Mark> Application Visibility
Netflow Monitor = PRTG_Netflow
Apply. At this point I was getting an error for AVC Profile, but it has disappeared.
Inside PRTG
Sensor Name: WLC Netflow v9
Receive NetFlow Packets on UDP Port: 9993
Sender IP: WLC Interface
The connection is made, but I am not getting the information inside the Tops, Talkers, Connections, Protocols. I am getting 100% information but no expected information.
I am understanding what AVC is used for. I am not trying to apply access list to access on the networks, just trying to configure data points to troubleshoot problems.
Any help on getting the acquired data?
11-15-2019 04:03 AM - edited 11-15-2019 04:04 AM
From the manual:
An IP traffic flow is a sequence of packets passing through a network device with common attributes like source and destination IP address & transport ports, direction, etc. Additional common attributes for wireless flow are SSID, AP MAC. These packets with common attributes are aggregated into flows and exported to the Netflow Collectors. Prior to relase 8.2, controller exported Netflow data was analyzed only by PI (Prime Infrastructure) and wasn't compatible with any third party Netflow collectors.
In release 8.2 nenhanced Netflow records exporter is introduced. New Netflow v9 is sending 17 different data records ( as defined in RFC 3954) to the External 3rd Party Netflow collector such as Lancope and others. Support for the Enhanced Flow Record Data Export was added on the WLC 5520, 8510 and 8540.
Prior to release 8.2 Netflow feature available on the controller sends only the IP address of the client, SSID and Application statistics. While this helps for compatible Netflow collectors like Cisco Prime to show the application statistics, it does not provide the full 5 tuple flow information and is also not compatible with many 3rd party Netflow collectors who expect 5 tuples.
The current netflow record prior to release 8.2 that WLC exports support only the following fields
I've marked the important parts red.
In other words, you get the expected results.
11-15-2019 09:55 AM
Have you defined a AVC policy (without any marking or control) & applied it to SSID ? Configuration should be simple, follow these posts, however you need to make sure your netflow collector understand flow format send by WLC
https://mrncciew.com/2013/02/12/configuring-netflow-on-wlc-7-4/
https://mrncciew.com/2013/02/13/who-really-support-wlc-netflow/
Even with 8.5 code, 5508 controller not supported fully v9.0 netflow, still it sends those customized flow records & you require your netflow collector understand that flow format
https://mrncciew.com/2016/12/19/wlc-netflow-with-aireos-8-2/
HTH
Rasika
*** Pls rate all useful responses ***
11-26-2019 12:04 PM
Yes I have tried an empty AVC but inside PRTG I am showing one big gray circle saying other. There are no IPADDRs, protocols or talk talkes.
11-26-2019 11:42 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide