Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1081
Views
0
Helpful
2
Replies

9800 Controller netflow exporter

Go to solution
laerciotobias
Level 1
Level 1

‎08-08-2022 12:04 PM

Hi we have an 9800 Controller and we are using SDA Wireless, we have setup our DNA center server as our netflow exporter.

I would like to know if we can export our flows to more than one flow export server in the same SSID.

Example: SSID Corp - Export flow to session to DNA Center and also to stealthwatch.

I was not abble to find any documentation and when i setup one exporter in the policy it overwrite the old one. (So, i am assuming only one fnf exporter server is supported)

Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rasika Nayanajith
VIP
VIP

‎08-08-2022 01:49 PM

I think so.

Here is the 17.9.1 config guide &  it listed Local/Flex & Fabric design Netflow/AVC. Compare to Local/Flex mode, it has listed a few limitations in Fabric (SDA-Wireless). Pls check them out.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg.pdf 

Local Mode
• NBAR is enabled on the controller .
• AVC does not push the FNF configuration to the APs.
• Roaming events are ignored.
However, AVC supports L3 roams in local mode as traffic flows through the anchor controller (where
NBAR was initially processing the roaming client's traffic when the client joined).
• IOSd needs to trigger NBAR attach.
• Supports flow monitor cache.
• Supports NetFlow exporter.

Flex Mode
• NBAR is enabled on an AP
• AVC pushes the FNF configuration to the APs.
• Supports context transfer for roaming in AVC-FNF.
• Supports flow monitor cache.
• Supports NetFlow exporter.

Fabric Mode
• NBAR is enabled on an AP.
• AVC pushes the FNF configuration to the APs.
• Supports context transfer for roaming in AVC-FNF.
• Flow monitor cache is not supported.
• Provides only limited support for NetFlow exporter.

HTH
Rasika
*** Pls rate all useful responses ***

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rasika Nayanajith
VIP
VIP

‎08-08-2022 01:49 PM

I think so.

Here is the 17.9.1 config guide &  it listed Local/Flex & Fabric design Netflow/AVC. Compare to Local/Flex mode, it has listed a few limitations in Fabric (SDA-Wireless). Pls check them out.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg.pdf 

Local Mode
• NBAR is enabled on the controller .
• AVC does not push the FNF configuration to the APs.
• Roaming events are ignored.
However, AVC supports L3 roams in local mode as traffic flows through the anchor controller (where
NBAR was initially processing the roaming client's traffic when the client joined).
• IOSd needs to trigger NBAR attach.
• Supports flow monitor cache.
• Supports NetFlow exporter.

Flex Mode
• NBAR is enabled on an AP
• AVC pushes the FNF configuration to the APs.
• Supports context transfer for roaming in AVC-FNF.
• Supports flow monitor cache.
• Supports NetFlow exporter.

Fabric Mode
• NBAR is enabled on an AP.
• AVC pushes the FNF configuration to the APs.
• Supports context transfer for roaming in AVC-FNF.
• Flow monitor cache is not supported.
• Provides only limited support for NetFlow exporter.

HTH
Rasika
*** Pls rate all useful responses ***

0 Helpful

Go to solution
laerciotobias
Level 1
Level 1
In response to Rasika Nayanajith

‎08-10-2022 12:04 PM

Thanks Rasika

I think Documentation should be more clear about this limitation

I have not found any documentation about information and "Provides only limited support for NetFlow exporter.", is to generic, i think.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card