WLC-Netflow-PRTG
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 02:53 PM
Hi,
I have configured the WLC as needed so it will send Netflow traffic to PRTG.
The problem is that nothing is reaching the laptop where I have PRTG installed. Did check with Wireshark and no CFLOW protocol packets are comming from the WLC. WLC can ping the laptop and vice versa.
(Cisco Controller) >show flow exporter statistics
Exporter-name: Netflow
Total Flows Sent: 60582343
Total Pkts Sent: 4317956
Total Pkts Dropped: 0
Last Sent Time: Wed Aug 29 05:08:55 2159
Looking at the text above and wonder why the WLC says "Last Sent Time: Wed Aug 29 05:08:55 2159"
Total flows send is increasing all the time!
WLC time is configured to use an NTP server:
(Cisco Controller) >show time
Time............................................. Sat Jul 22 23:43:15 2023
Timezone delta................................... 0:0
Timezone location................................ (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
The same laptop is receiving CFLOW protocol packets from a Cisco 4500x switch and PRTG is translating that as expected
(Cisco Controller) >show flow monitor summary
Monitor-Name Exporter-Name Exporter-IP Port Record Name
============ ============= =========== ==== ===========
TEST Netflow 10.2.58.106 2055 ipv4_client_src_dst_flow_record
10.2.58.106 is the ip of the laptop, port 2055 is open and as said other devices are sending Netflow with no problem.
Any ideas?
- Labels:
-
Wireless LAN Controller
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 03:20 PM - edited 07-22-2023 03:21 PM
What WLC model & firmware version in use here ?
Did you configure "Netflow Monitor" under your SSIDs (in GUI, SSID -> QoS -> Netflow Monitor) ?
First, you have to apply an AVC profile under SSID and then configure SSID with Netflow Monitor to send it to you external server (see below screenshot).
HTH
Rasika
*** Pls rate all useful responses ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 03:31 PM
Software Version 8.10.181.3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 03:38 PM
How did you define that "Lync" AVC profile ? Does it have any rules ?
Rasika
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 03:42 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 03:53 PM
If you go to "Monitor -> Applications -> WLAN" do you see all your application traffic on that SSID ?
I assume your APs are local mode (not FlexConnect which does not support Netflow Export)
HTH
Rasika
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 03:58 PM
All APs are in local mode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2023 02:27 AM
In your CLI ouputs "show flow exporter statistics" confirm it sending netflow data. I would check on your wireshark machine just filter traffic from wlc management IP address to see what it sends
It appear all your WLC side configs ok
HTH
Rasika
*** Pls rate all useful responses ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2023 06:05 AM
10.0.0.148 is WLC management interface
10.2.58.126 is the PRTG
The laptop that runs the PRTG is connected to the network by Wifi card.
I have looked at all packets and could not find any packet with protocol CFLOW!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 03:24 PM
Hi @Moudar
This the steps for web gui
Configure the Exporter by following these steps:
- Choose Wireless > Netflow > Exporter.
- Click New.
- Enter the Exporter name, IP address, and the port number. The valid range for the port number is from 1 to 65535.
- Click Apply.
- Click Save Configuration.
Note: Only one exporter can be added in the WLC.
Configure the NetFlow Monitor by following these steps:
- Choose Wireless > Netflow > Monitor.
- Click New and enter the Monitor name.
- On the Monitor List page, click the Monitor name to open the Netflow Monitor > Edit page.
- Choose the Exporter name and the Record name from the respective drop-down lists.
- Click Apply.
- Click Save Configuration.
Note: Only one Monitor entry can be added in the WLC.
Associate a NetFlow Monitor to a WLAN by following these steps:
- Choose WLANs and click the WLAN ID to open the WLANs > Edit page.
- In the QoS tab, choose the NetFlow Monitor from the Netflow Monitor drop-down list.
- Click Apply.
- Save config
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2023 03:32 PM
I did all the above, but still no flows!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2023 04:18 AM
@Moudar There was another guy here in the forum facing problem with netflow and PRTG. He had one device on the PRTG and when he tried to send the log from another device the PRTG logs said the port was busy with another request.
If you run tcpdump on the PRTG side do you see any information to help? Is there any iptables on this machine, considering it is a Linus one?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2023 06:10 AM
PRTG is running on Windows 10 machine.
I have already 2 devices one 4500x router and one 9200L switch sending Netflow to this machine with no problem.
I could add another switch which sends Netflow with no problem.
Only WLC is grayed out!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2024 07:03 AM
Flavio, I am trying but I can't do it. Did you found a solution about that?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2024 02:14 PM
Utilize different ports for various devices to enhance PRTG's data collection capabilities. If you have many devices transmitting packets to PRTG, configure separate NetFlow ports for each device.
Example:
- WLC: 2055
- Switch1: 2056
- Router1: 2057
- etc.
While it's possible to have several devices sending to the same port, this can lead to data conflicts and potential issues, as evidenced by the WLC failing to function properly. Employing unique ports for each device ensures efficient data collection and prevents conflicts.
That could solve my problem!
