Two months ago we started playing with the Cisco Wireless Controller NetFlow configuration and got it to export flows with NBAR support.  Pretty cool stuff. We were given a Cisco 2500 series to play with and once we had flows going to our NetFlow analyzer, it became clear why this hardware is part of the Cisco AVC family of NetFlow capable solutions. 

Here’s a break down on some of features as well as the hardware required for AVC support on the wireless controllers:

• AVC works on traffic from Cisco APs in “Local Mode”, FlexConnect central switching and OEAP traffic.
• AVC is based on port, destination and heuristics which allows reliable packet classification with deep visibility.
• AVC looks into the initial setup of the client flow (first 10-20 packets) so loading on the controller system is minimal.
• Available for all current generation Cisco controllers supporting v7.4 - Cisco 2504, 5508, WiSM2, Flex 7500 and 8500

Application Visibility and Control

Cisco Application Visibility and Control (AVC) solution is a suite of services that provides application-level classification, monitoring, and traffic control to improve application performance.  It is available within the following hardware families:

• Cisco Integrated Services Routers Generation 2 (ISR G2)
• Cisco ASR 1000 Series Aggregation Service Routers (ASR 1000s)
• Cisco Wireless LAN Controllers

The Cisco AVC Solution helps you:

• Identify and classify over 1,000 applications by leveraging NBAR
• Monitor next generation flow statistics such as response time, latency, jitter, and other application performance metrics
• Export NetFlow version 9 or IP information export (IPFIX)
• Set different QoS priorities based on application
• Dynamically choose network paths based on performance

Cisco Wireless Controller NetFlow Configuration

The Cisco wireless controller NetFlow configuration is shown below.

A few minutes after our NetFlow analyzer started receiving the flows, I saved some reports and created a custom Cisco Wireless Controller NetFlow dashboard:

As one of my co-workers pointed out in his post on Cisco wireless NetFlow support these reports are a bit unique and won’t work with just any ol’ NetFlow collector.  We had to create special provisions in our NetFlow reporting interface. This hardware exports 2 templates.  One is the NBAR option template, the 2^nd is the actual flows which contain the following elements:

• Client Source MAC : Key Field
• Client Source IP : Key Field
• SSID Name : Key Field
• Application ID
• Direction
• Byte Count
• Packet Count
• In DSCP
• Out DSCP
• Last AP MAC

Notice anything missing? 

Watch the webcast by Cisco and Plixer that is posted on YouTube.