Re: WLC-Netflow-PRTG

Moudar · ‎07-22-2023

Hi,

I have configured the WLC as needed so it will send Netflow traffic to PRTG.

The problem is that nothing is reaching the laptop where I have PRTG installed. Did check with Wireshark and no CFLOW protocol packets are comming from the WLC. WLC can ping the laptop and vice versa.

(Cisco Controller) >show flow exporter statistics

Exporter-name: Netflow
  Total Flows Sent: 60582343
  Total Pkts Sent: 4317956
  Total Pkts Dropped: 0
  Last Sent Time: Wed Aug 29 05:08:55 2159

Looking at the text above and wonder why the WLC says "Last Sent Time: Wed Aug 29 05:08:55 2159"

Total flows send is increasing all the time!

WLC time is configured to use an NTP server:

(Cisco Controller) >show time

Time............................................. Sat Jul 22 23:43:15 2023

Timezone delta................................... 0:0
Timezone location................................ (GMT +1:00) Amsterdam, Berlin, Rome, Vienna

The same laptop is receiving CFLOW protocol packets from a Cisco 4500x switch and PRTG is translating that as expected

(Cisco Controller) >show flow monitor summary

  Monitor-Name             Exporter-Name            Exporter-IP          Port        Record Name
  ============             =============        ===========      ====       ===========
  TEST                                Netflow                  10.2.58.106          2055       ipv4_client_src_dst_flow_record

10.2.58.106 is the ip of the laptop, port 2055 is open and as said other devices are sending Netflow with no problem.

Any ideas?

Rasika Nayanajith · ‎07-22-2023

What WLC model & firmware version in use here ?

Did you configure "Netflow Monitor" under your SSIDs (in GUI, SSID -> QoS -> Netflow Monitor) ?

First, you have to apply an AVC profile under SSID and then configure SSID with Netflow Monitor to send it to you external server (see below screenshot).

HTH
Rasika
*** Pls rate all useful responses ***

Moudar · ‎07-22-2023

Software Version 8.10.181.3

Rasika Nayanajith · ‎07-22-2023

How did you define that "Lync" AVC profile ? Does it have any rules ?

Rasika

Moudar · ‎07-22-2023

Rasika Nayanajith · ‎07-22-2023

If you go to "Monitor -> Applications -> WLAN" do you see all your application traffic on that SSID ?

I assume your APs are local mode (not FlexConnect which does not support Netflow Export)

HTH
Rasika

Moudar · ‎07-22-2023

All APs are in local mode

Rasika Nayanajith · ‎07-24-2023

In your CLI ouputs "show flow exporter statistics" confirm it sending netflow data. I would check on your wireshark machine just filter traffic from wlc management IP address to see what it sends

It appear all your WLC side configs ok

HTH
Rasika
*** Pls rate all useful responses ***

Moudar · ‎07-24-2023

10.0.0.148 is WLC management interface

10.2.58.126 is the PRTG

The laptop that runs the PRTG is connected to the network by Wifi card.

I have looked at all packets and could not find any packet with protocol CFLOW!

Flavio Miranda · ‎07-22-2023

Hi @Moudar

This the steps for web gui

Configure the Exporter by following these steps:

Choose Wireless > Netflow > Exporter.
Click New.
Enter the Exporter name, IP address, and the port number. The valid range for the port number is from 1 to 65535.
Click Apply.
Click Save Configuration.

Note: Only one exporter can be added in the WLC.

Configure the NetFlow Monitor by following these steps:

Choose Wireless > Netflow > Monitor.
Click New and enter the Monitor name.
On the Monitor List page, click the Monitor name to open the Netflow Monitor > Edit page.
Choose the Exporter name and the Record name from the respective drop-down lists.
Click Apply.
Click Save Configuration.

Note: Only one Monitor entry can be added in the WLC.

Associate a NetFlow Monitor to a WLAN by following these steps:

Choose WLANs and click the WLAN ID to open the WLANs > Edit page.
In the QoS tab, choose the NetFlow Monitor from the Netflow Monitor drop-down list.
Click Apply.
Save config

Moudar · ‎07-22-2023

I did all the above, but still no flows!

Flavio Miranda · ‎07-24-2023

@Moudar There was another guy here in the forum facing problem with netflow and PRTG. He had one device on the PRTG and when he tried to send the log from another device the PRTG logs said the port was busy with another request.

If you run tcpdump on the PRTG side do you see any information to help? Is there any iptables on this machine, considering it is a Linus one?

Moudar · ‎07-24-2023

PRTG is running on Windows 10 machine.

I have already 2 devices one 4500x router and one 9200L switch sending Netflow to this machine with no problem.

I could add another switch which sends Netflow with no problem.

Only WLC is grayed out!!

jirochaguerra · ‎01-25-2024

Flavio, I am trying but I can't do it. Did you found a solution about that?

Moudar · ‎01-26-2024

Utilize different ports for various devices to enhance PRTG's data collection capabilities. If you have many devices transmitting packets to PRTG, configure separate NetFlow ports for each device.

Example:

WLC: 2055
Switch1: 2056
Router1: 2057
etc.

While it's possible to have several devices sending to the same port, this can lead to data conflicts and potential issues, as evidenced by the WLC failing to function properly. Employing unique ports for each device ensures efficient data collection and prevents conflicts.

That could solve my problem!