It has been several years since Cisco introduced wireless NetFlow support on their Wireless LAN Controller (WLC) platforms. Using the Application Visibility and Control functions, this export provided some unique visibility into the wireless network traffic, but left some gaps in what was available from reporting because the traditional elements were not included.
Many customers that I have worked with over the years have wanted to see things like source/destination pairs, as well as the advantages offered in the unique wireless NetFlow exports.
Now they can!
Cisco improved the WLC NetFlow feature in the 8.2 release. In this software version, WLC offers the option to send an enhanced NetFlow record that is compatible with standard Netflow v9 format to a flow collector. Now it is possible to report on both source and destination IP addresses and ports, and then filter across other exporter flows. There is also a username export, so correlating IP addresses to usernames is possible.
Note that only 8540, 8510 & 5520 controllers support this enhanced flow export. If you have other WLC models like the 5508 or 2504, you will require a supported flow collector like Scrutinizer to view flow data.
Look at the differences in the information offered in the two records:
The original wireless data template (ipv4_client_app_flow_record) included some unique elements.
- staMacAddress
- staIPv4Address
- applicationID (AVC – NBAR)
- wlanSSID
- Direction
- Bytes
- Packets
- postIpDiffServCodePoint
- IP_DSCP
- wtpMacAddress (Access Point MAC)
The enhanced NetFlow export in version 8.2 brings in some more traditional elements.
You can see that the Enhanced record (ipv4_client_src_dst_flow_record) includes data fields including:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Protocol
- Direction
- Application tag (AVC – NBAR)
- Client MAC address
- Access point MAC address
- WlanID (SSID)
- VLAN ID – Mgmt/Dyn
- TOS – DSCP value
- Flow start time
- Flow end time
- Packet count
- Byte count
- Dot1x username
Where in the configuration process is the record selection done?
In the GUI, you configure this in the NetFlow Monitor steps during the Wireless NetFlow Configuration:
- Choose Wireless > Netflow > Monitor.
- Click New and enter a Monitor name.
- On the Monitor List window, click the Monitor name to open the NetFlow Monitor > Edit
- Choose the exporter name and the record name from the respective drop-down lists.
- ipv4_client_app_flow_record
- ipv4_client_src_dst_flow_record
- Click Apply.
- Click Save Configuration.
Look at the advanced visibility the combined elements give you
The report below demonstrates how wireless network visibility using NetFlow helps network administrators by giving them insight into all of the traffic traversing their wireless networks. We can report on the source and destination pair, and correlate what SSID, username, or access point was involved in the traffic.
What are you doing to control and get visibility into the wireless traffic on your network? Contact our support team if you want to learn more or need help with any configurations.