Blog :: Configuration

Cisco WLC NetFlow Configuration

Instructions for the Cisco WLC NetFlow configuration can be found in the Cisco Wireless LAN Controller Configuration Guide, Release 7.4, page 130.   The NetFlow configuration instructions are also outlined below.

Enabling NetFlow exports from the Cisco Wireless LAN Controller gives you Cisco’s Application Visibility and Control reporting in Scrutinizer v11.  Examples of these advanced reporting features are also included below.

Configuring Cisco WLC NetFlow (GUI)

Step 1

Configure the exporter by following these steps:

  1. Choose Wireless > NetFlow > Exporter.
  2. Click New.
  3. Enter the exporter name, IP address, and the port number. The valid range for the port number is from 1 to 65535.
  4. Click Apply.
  5. Click Save Configuration.

Note: Only one exporter can be added in the WLC.

Step 2

Configure the NetFlow monitor by following these steps:

  1. Choose Wireless > NetFlow > Monitor.
  2. Click New and enter the monitor name.
  3. On the Monitor List page, click the Monitor name to open the NetFlow Monitor > Edit page.
  4. Choose the exporter name and the record name from the respective dropdown lists.
  5. Click Apply.
  6. Click Save Configuration.

Note: Only one monitor entry can be added in the WLC.

Step 3

Associate a NetFlow monitor to a WLAN by following these steps:

  1. Choose WLANs and click the WLAN ID to open the WLANs > Edit page.
  2. In the QoS tab, choose the NetFlow monitor from the NetFlow monitor dropdown list.
  3. Click Apply.
  4. Click Save Configuration.

Note: Application Visibility has to be enabled for the NetFlow monitor to work.

Configuring NetFlow (CLI)

• Create an Exporter by entering this command:
config flow create exporter exporter-name ip-addr port-number
• Create a NetFlow Monitor by entering this command:
config flow create monitor monitor-name
• Associate or dissociate a NetFlow Monitor with an Exporter by entering this command:
config flow {add | delete} monitor monitor-name exporter exporter-name
• Associate or dissociate a NetFlow Monitor with a Record by entering this command:
config flow {add | delete} monitor monitor-name record ipv4_client_app_flow_record
• Associate or dissociate a NetFlow Monitor with a WLAN by entering this command:
config wlan flow wlan-id monitor monitor-name {enable | disable}
• See a summary of NetFlow Monitors by entering this command:
show flow monitor summary
• See information about the Exporter by entering this command:
show flow exporter {summary | statistics}
• Configure a debug of NetFlow by entering this command:
debug flow {detail | error | info} {enable | disable}

Cisco Wireless NetFlow Reporting

Now that we have the Wireless LAN Controller NetFlow configuration covered, let’s talk about Cisco Wireless NetFlow Support, Wireless NetFlow reporting and the Application Visibility and Control reporting available from Scrutinizer.

For AVC configuration assistance, please refer to the Application Visibility and Control Deployment Guide.

The Advanced NetFlow Wireless reports available are:

  • Applications Downstream
  • Applications Upstream
  • Applications by Wireless Host
  • Applications by Wireless Host with DSCP
  • Hosts by SSID
  • Hosts with MAC
  • SSID List

In addition, the following Cisco AVC report is available for the WLC:

  • NBAR: Applications

Here is an example of the NBAR: Applications report for the Wireless LAN Controller.

Cisco AVC NBAR Applications

As explained in Jimmy D.’s blog on Cisco WLC NetFlow support, the applications report is proved by a “robust, proven NBAR2 library” which supports more than 1000 applications.  This NBAR2 (Network Based Application Recognition) library is also regularly updated to provide the most up-to-date Application reporting.

Also, using the simple reporting navigation available in our NetFlow Analyzer, with just one click from the NBAR: Applications report, you can now see who accessed those applications!

Monitor Facebook traffic with NetFlow

In the example above, in the NBAR: Applications report, we can select an application (Facebook, for example) and then select a WLC NetFlow report such as Hosts with MAC.  The application “Facebook” is automatically added to the Hosts with MAC report, resulting in a report showing IP Address, the STA MAC Address, AP MAC Address, and traffic bit rate based on their use of Facebook on the wireless network; just clicks away to a wealth of information from your Wireless Controllers.

To see this Advanced NetFlow reporting for yourself, please give us a call at 207-324-8805 x3.  We can show you the rich reporting and analytical features available, and also help you install (and configure!) at your site for first-hand testing in your environment.

Related

AdobeStock scaled

What visibility flow data offer

Network and Security administrators have several monitoring protocols available to help provide network insight and security awareness. Today, I’d like to talk about why flow

::
jeffm

Inspecting encrypted traffic with JA3 and JA3S fingerprinting

Two years ago, I wrote a blog about tracking malware in encrypted traffic. The overall theme of that blog was that encryption has become

::
annam

How to configure Viptela IPFIX exports

One of the perks of working in technical support is learning something new every day. For instance, just earlier today I was on a

::