Solved: AVC not dropping traffic

smartnet7 · ‎10-29-2014

Hello,

I've got a cisco WLC 2504 with the latest firmware. And created an AVC profile to drop Whatsapp and Facebook traffic.

I added this to the WLAN I configurerd, but the traffic doesn't get dropped with cell phones.

If I've a cell phone which has the apps (whatsapp and Facebook) installed, AVC wont drop te traffic.

It does drop the traffic if I use a browser to go to Facebook. Is this some kind of bugg?

Regards,

Tom

Rasika Nayanajith · ‎10-29-2014

Unfortunately you have to wait for the next release of software code (not sure when 8.0MR1 comes it will have the updated protocol pack),.

Even if it is a bug, without updating these AVC signatures, I do not think you can fix it. Here is the release not confirming this

http://www.cisco.com/c/en/us/td/docs/wireless/controller/nbar2_prot_pack/11-0-0/b-nbar2-prot-pack-1100/b-nbar2-prot-pack-1100_chapter_010101.html#wp2108825774

Network-Based Application Recognition (NBAR2) Protocol Pack 11.0.0 support is provided for Cisco Wireless LAN Controller platforms, starting with the 8.0 release.

NBAR2 Protocol Pack 11.0.0 is supported on the following Cisco Wireless LAN Controller platforms:

Cisco 5508 Wireless Controller
Cisco Flex 7500 Series Wireless Controllers
Cisco 8510 Wireless Controller
Cisco Wireless Services Module 2 (WiSM2)

Note

Cisco Wireless LAN Controller software release 8.0, uses NBAR engine 16, and contains NBAR2 Protocol Pack 9.0.0 built-in. For more information on software releases and compatible protocol packs, see Working with Protocol Packs.
Though the NBAR2 protocol library and the protocol signatures support IPv6 traffic classification, Cisco Wireless LAN Controller platforms currently support only IPv4 traffic classification.
The Cisco 2504 Wireless Controller supports Application Visibility and Control, but supports only built-in protocol packs present in Wireless LAN Controller software releases. It does not support downloading and installing protocol packs.

**** Pls do not forget to rate our responses if it useful ****

HTH

Rasika

View solution in original post

Rasika Nayanajith · ‎10-29-2014

Hi Tom,

Pls provide the below CLI command output from your WLC to see what version of AVC engine/protocol pack version you have

show sysinfo
show avc engine version
show avc protocol-pack version

HTH

Rasika

**** Pls rate all useful responses ***

smartnet7 · ‎10-29-2014

Hi Manannalage,

thank you for your quick response.

Here is the output:

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.0.100.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 16.0

Build Type....................................... DATA + WPS

System Name...................................... WLC-Glogil01
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 172.16.16.253
IPv6 Address..................................... ::
Last Reset....................................... Software reset
System Up Time................................... 22 days 23 hrs 7 mins 20 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

--More-- or (q)uit

Configured Country............................... NL - Netherlands
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +34 C
External Temperature............................. +38 C
Fan Status....................................... 4500 rpm

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 5
Number of Active Clients......................... 28

Burned-in MAC Address............................ 50:06:04:CB:E2:C0
Maximum number of APs supported.................. 75
System Nas-Id.................................... Cisco_cb:e2:c4

(Cisco Controller) >show avc engine version

AVC Engine Version: 16

(Cisco Controller) >show avc protocol-pack version

AVC Protocol Pack Name: Advanced Protocol Pack
AVC Protocol Pack Version: 9.0

(Cisco Controller) >

Rasika Nayanajith · ‎10-29-2014

Please upgrade your AVC protocol pack to version 11.0 & see if that make any difference. Here is the required instructions

http://www.cisco.com/c/en/us/td/docs/wireless/controller/nbar2_prot_pack/11-0-0/b-nbar2-prot-pack-1100/b-nbar2-prot-pack-1100_chapter_010110.html

HTH

Rasika

**** Pls rate all useful responses ***

smartnet7 · ‎10-29-2014

Rasika,

I cannot download the protocol pack, because I have a WLC 2504. Only higher WLC models have the option to download/install protocol packs seperatly.

See URL below:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/nbar2_prot_pack/6-3-0/b_nbar2_prot_pack_630/b_nbar2_prot_pack_630_chapter_01.html

Should I wait for a different firmware release for the WLC 2504? It's not a known bug that AVC does not drop certain traffic.

Rasika Nayanajith · ‎10-29-2014

Unfortunately you have to wait for the next release of software code (not sure when 8.0MR1 comes it will have the updated protocol pack),.

Even if it is a bug, without updating these AVC signatures, I do not think you can fix it. Here is the release not confirming this

http://www.cisco.com/c/en/us/td/docs/wireless/controller/nbar2_prot_pack/11-0-0/b-nbar2-prot-pack-1100/b-nbar2-prot-pack-1100_chapter_010101.html#wp2108825774

Network-Based Application Recognition (NBAR2) Protocol Pack 11.0.0 support is provided for Cisco Wireless LAN Controller platforms, starting with the 8.0 release.

NBAR2 Protocol Pack 11.0.0 is supported on the following Cisco Wireless LAN Controller platforms:

Cisco 5508 Wireless Controller
Cisco Flex 7500 Series Wireless Controllers
Cisco 8510 Wireless Controller
Cisco Wireless Services Module 2 (WiSM2)

Note

Cisco Wireless LAN Controller software release 8.0, uses NBAR engine 16, and contains NBAR2 Protocol Pack 9.0.0 built-in. For more information on software releases and compatible protocol packs, see Working with Protocol Packs.
Though the NBAR2 protocol library and the protocol signatures support IPv6 traffic classification, Cisco Wireless LAN Controller platforms currently support only IPv4 traffic classification.
The Cisco 2504 Wireless Controller supports Application Visibility and Control, but supports only built-in protocol packs present in Wireless LAN Controller software releases. It does not support downloading and installing protocol packs.

**** Pls do not forget to rate our responses if it useful ****

HTH

Rasika

smartnet7 · ‎10-29-2014

Thank you for your help. I guess theres nothing else I can do then wait for a new firmware release.

Regards,

Tom

Rasika Nayanajith · ‎10-29-2014

Hi Tom,

If possible reach TAC & see, there may be some alternatives which we do not know.

Thanks for rating responses as well

HTH

Rasika