Cisco Wireless NetFlow Support

Good news, with the 7.4 release, the Cisco Wireless LAN Controller will now start exporting Netflow v9 entries.  Together with the Cisco Application Visibility & Control innovation, the Cisco Wireless NetFlow support includes features such as:

• Robust, proven NBAR2 library supports a massive (1000+) number of applications. New patches are released periodically to support additional applications. This is similar to the IT administrator adding signatures to the anti-virus tool on a regular basis to keep updated with the latest threats.
• Ability to identify and remark on a sub-category level so the IT administrator can differentiate between patients using Google video vs Google mail, Skype Voice vs Video, and place them in different QoS queues. Even when a guest is using encrypted applications, such as Kazaa version 2 or Microsoft Lync, the IT administrator will still be able to identify it, because NBAR2 supports heuristics based classification.

All New Cisco Wireless NetFlow export with Unique Elements

Cisco sent us a packet capture of the NetFlow v9 their equipment is exporting and I was able to build reports for this unique export within a few minutes with our new Report Designer. Think of Report Designer as Crystal Reports for NetFlow, IPFIX, etc.  Anyway, the first template they exported was an NBAR2 option template.  The second template they exported included the flow details.  Here are a few of the unique elements included:

• applicationTag (links back to the NBAR2 option template)
• ipDiffServCodePoint
• octetDeltaCount
• packetDeltaCount
• postIpDiffServCodePoint
• staIPv4Address
• staMacAddress (The IPv4 address of a wireless station) source
• wlanSSID
• wtpMacAddress (The IEEE 802 MAC address of a wireless access point)

Loaded with the above, I got to work creating Cisco Wireless NetFlow reports with the Report Designer.  We created five reports but, we can create more if you are interested:

• Cisco Wireless Applications (NBAR Support)
• Cisco Wireless Applications and Host
• Cisco Wireless Hosts with Mac Address
• Cisco Wireless WLAN SSID Hosts
• Cisco Wireless WLAN SSID List

Be sure to check them out by evaluating Scrutinizer.  Below is an example of the above Cisco Wireless Applications and Host report:

If you would like to setup and evaluate the above reports, give us a holler.  Creating reports requires the Advanced NetFlow Reporting module.  It only takes a few minutes to set these up and once we show you how to create one, you can create as many as you want.  Also, you can configure them once and then they show up for every Cisco Wireless Access Point on your network that is exporting Flexible NetFlow.