Cisco Wireless NetFlow Support

Posted in Flexible NetFlow, NetFlow Reporting, wireless netflow on November 23rd, 2012 by Jimmyd
Cisco Wireless NetFlow Support

Good news, with the 7.4 release, the Cisco Wireless LAN Controller will now start exporting Netflow v9 entries.  Together with the Cisco Application Visibility & Control innovation, the Cisco Wireless NetFlow support includes features such as:

  • Robust, proven NBAR2 library supports a massive (1000+) number of applications. New patches are released periodically to support additional applications. This is similar to the IT administrator adding signatures to the anti-virus tool on a regular basis to keep updated with the latest threats.
  • Ability to identify and remark on a sub-category level so the IT administrator can differentiate between patients using Google video vs Google mail, Skype Voice vs Video, and place them in different QoS queues. Even when a guest is using encrypted applications, such as Kazaa version 2 or Microsoft Lync, the IT administrator will still be able to identify it, because NBAR2 supports heuristics based classification.

All New Cisco Wireless NetFlow export with Unique Elements

Cisco sent us a packet capture of the Flexible NetFlow their equipment is exporting and I was able to build reports for this unique export within a few minutes with our new Report Designer. Think of Report Designer as Crystal Reports for NetFlow, IPFIX, etc.  Anyway, the first template they exported was an NBAR2 option template.  The second template they exported included the flow details.  Here are a few of the unique elements included:

  • applicationTag (links back to the NBAR2 option template)
  • ipDiffServCodePoint
  • octetDeltaCount
  • packetDeltaCount
  • postIpDiffServCodePoint
  • staIPv4Address
  • staMacAddress
  • wlanSSID
  • wtpMacAddress

Loaded with the above, I got to work creating Cisco Wireless NetFlow reports with the Report Designer.  We created five reports but, we can create more if you are interested:

  • Cisco Wireless Applications (NBAR Support)
  • Cisco Wireless Applications and Host
  • Cisco Wireless Hosts with Mac Address
  • Cisco Wireless WLAN SSID Hosts
  • Cisco Wireless WLAN SSID List

Be sure to check them out by evaluating Scrutinizer.  Below is an example of the above Cisco Wireless Applications and Host report:

Wireless NetFlow Support

If you would like to setup and evaluate the above reports, give us a holler.  Creating reports requires the Advanced NetFlow Reporting module.  It only takes a few minutes to set these up and once we show you how to create one, you can create as many as you want.  Also, you can configure them once and then they show up for every Cisco Wireless Access Point on your network that is exporting Flexible NetFlow.

 

 

 

 

 


Jimmy D the Netflow Detective

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Join the NetFlow Developments group on LinkedIn.

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Tags: , ,

7 Responses to “Cisco Wireless NetFlow Support”

  1. Adam Powers Says:

    Jimmy, did Cisco send you their Flexible NetFlow configuration? It’s hard to believe they wouldn’t be able to export DST_IP and port numbers. I’m hoping they simply didn’t configure FnF correctly (wrong collect/match combo). Let’s hope.

    Great work. Loving the NBAR2 support. Very nice.

  2. Day 0 with WLC 7.4 code. « mrn-cciew Says:

    [...] can download this Plixer Scrutinizer tool for 30 days free trial from here. Also this blog post describe products capability on this [...]

  3. Cisco Catalyst 3850 NetFlow Support - NetFlow & sFlow Network Monitoring - NetFlowKnights.com Says:

    [...] NetFlow and sFlow Analyzer. This switch is no Catalyst 3750 as it offers both wired and wireless as well as native Netflow support with the 3KX module. The switch can enable multi-level QoS based [...]

  4. Cisco AVC Support:: Wireless Policy - NetFlow & sFlow Network Monitoring - NetFlowKnights.com Says:

    [...] can see how Cisco AVC provides unprecedented network application control and visibility into the traffic traversing the network. Now you are going to need a NetFlow analyzer that is [...]

  5. Cisco WLC NetFlow configuration - NetFlow & sFlow Network Monitoring - NetFlowKnights.com Says:

    [...] explained in Jimmy D.’s blog on Cisco WLC NetFlow support, the applications report is proved by a “robust, proven NBAR2 library” which supports [...]

  6. NetFlow - Monitor iPhone Activity - NetFlowKnights.com - NetFlow & sFlow Network Monitoring - NetFlowKnights.com Says:

    [...] the network when a person streams a NetFlix movie to their hand held.  Note: you can learn about Cisco wireless access point NetFlow support in another [...]

  7. Wireless access use grows but where is sFlow and NetFlow? - NetFlowKnights.com - NetFlow & sFlow Network Monitoring - NetFlowKnights.com Says:

    [...] me that early versions of Cisco Aironet Wireless Bridges do not support NetFlow. Today however, Cisco wireless controller NetFlow support is available with AVC funcationality which includes [...]

Leave a Reply

You must be logged in to post a comment.