
WLC software release 7.4 introduced the AVC (Application Visibility & Control) feature, which gives you visibility into wireless traffic. To complement this feature, Cisco introduced NetFlow on the WLC, so you can export flow information from the WLC to a NetFlow collector.

This post describes how to configure the NetFlow feature on a Cisco WLC. First you have to enable the AVC feature by creating an AVC profile and assigning it to the WLANs where you want visibility. The AVC profile is created under “Wireless > Application Visibility & Control > AVC Profiles”. This post will not describe AVC in detail (how to control applications, policy actions, etc.).

In the “WLAN > QoS” section you can map the AVC profile to a WLAN.

Then you have to create a NetFlow exporter in the “Wireless > Netflow > Exporter” section. I have used the Scrutinizer NetFlow collector tool as it is the only supporting flow exporter for the Cisco WLC flow format at the time of this post. You can also use a custom port number to export NetFlow data. The WLC does not support multiple exporters, so you have to select a single exporter (if you have multiple) to work with the WLC.

The next step is to create a NetFlow monitor in the “Wireless > Netflow > Monitor” section. Only a single static flow record type can be exported from the WLC (as opposed to Flexible NetFlow on IOS devices). These records are sent every 90s; this interval is fixed in WLC 7.4 and cannot be customized. I have named the monitor “Scrutinizer” just for simplicity. You can use any other name if you want. Once you create this NetFlow monitor you can associate the exporter name and flow record with it.

Finally, you can associate this NetFlow monitor with the WLANs where you require visibility.

You can do the same via the CLI as well. Here are the CLI commands to achieve this. The example below assumes you have two WLANs (ID 1 & 2) where you want visibility through NetFlow.

config wlan disable 1
config wlan disable 2
config flow create monitor Scrutinizer
config flow create exporter Scrutinizer <collector-ip> port 2055
config flow add monitor Scrutinizer exporter Scrutinizer
config flow add monitor Scrutinizer record ipv4_client_app_flow_record
config wlan flow 1 monitor Scrutinizer enable
config wlan flow 2 monitor Scrutinizer enable
config wlan enable 1
config wlan enable 2
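
To check from the collector host that exports from the WLC actually arrive and decode, independently of the collector's UI, the following added example (not part of the original post and not Cisco or Scrutinizer code) parses export datagrams and tracks the time between them. It assumes the WLC sends standard NetFlow v9; the sample datagram and its two field types are constructed for illustration and are not the WLC's actual flow record.

```python
import struct

def parse_v9(packet, templates):
    """Parse one NetFlow v9 datagram (assumed WLC export format); templates persist across calls."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte v9 header")
    version, count, _uptime, secs, seq, src = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("flowset length runs past the datagram")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:                                    # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                end = pos + 4 + 4 * nfields
                if tid < 256 or end > len(body):
                    break                                 # padding or truncated template
                templates[(src, tid)] = [struct.unpack("!HH", body[i:i + 4])
                                         for i in range(pos + 4, end, 4)]
                pos = end
        elif fs_id >= 256 and (src, fs_id) in templates:  # data flowset with a known template
            fields = templates[(src, fs_id)]
            size = sum(length for _, length in fields)
            starts = range(0, len(body) - size + 1, size) if size else ()
            for start in starts:
                rec, p = {}, start
                for ftype, length in fields:
                    rec[ftype] = body[p:p + length]       # raw bytes keyed by field type
                    p += length
                records.append(rec)
        off += fs_len                                     # data without a template is skipped
    return {"secs": secs, "seq": seq, "source_id": src, "count": count}, records

def sample_packet(secs, seq):
    """Constructed datagram: template 256 (type 8 = IPv4 source, type 1 = byte count) plus one record."""
    tmpl = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 1, 4)
    data = struct.pack("!HH4sI", 256, 12, bytes([10, 0, 0, 5]), 1500)
    return struct.pack("!HHIIII", 9, 2, 0, secs, seq, 1) + tmpl + data

if __name__ == "__main__":
    templates, prev = {}, None
    for pkt in (sample_packet(1000, 1), sample_packet(1090, 2)):
        hdr, recs = parse_v9(pkt, templates)
        print(hdr, recs, "gap:", None if prev is None else hdr["secs"] - prev)
        prev = hdr["secs"]
```

Feed it each datagram received on the UDP port configured on the exporter (2055 in the commands above); gaps of about 90 seconds between datagrams match the fixed export interval described earlier.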

If you have installed the Scrutinizer NetFlow application with the required SNMP community to talk to the WLC (ensure that the WLC allows the Scrutinizer IP to communicate via SNMP), you will see your WLC added to Scrutinizer. Once you click the required WLC and then Report List > Wireless Reports, you get the pre-defined report types for your wireless traffic.

Below are a few sample reports that show the capability of this tool. I think you can easily customize these reports (if you have a specific need) with the support of the Scrutinizer guys.

This is the traffic statistics per SSID.

This report shows individual clients' traffic with their MAC address & IP address.

There is a standard report available for applications by host, where you can see the different application types used by each host in the wireless environment.

Enjoy getting this visibility into your wireless traffic 😉
