I have done some netflow product evaluation specific to Cisco wireless LAN controller traffic. Cisco introduced this netflow feature on WLC 126.96.36.199 code with AVC (Application Visibility & Control).
Below shows one of our controller Application Statistics (Monitor -> Applications). As you can see we can view “aggregate” , “upstream” & “downstream” traffic statistics with individual application breakdown.
By exporting these information to a Netflow collector I would expect reporting on these traffic statistics. That was my primary objective. As we did not have Cisco Prime with prime assurance module, I have to rely on other (3rd party netflow tools). I tried this with Fluke NPA, Solarwinds NTA, Plixer Scrutinizer as Cisco document does not specify any limitation with 3rd parties in their document. But later on realized Cisco does not clearly document compatibility with 3rd party NMS. Only Scrutinizer support this netflow export from WLC as at today.
Here is my independent view on this tool with respect to WLC netflow monitoring.
1. We can easily group multiple controllers & reporting based on that. This is extremely useful to get top level view of your wireless environment if you have multiple WLCs in multiple sites. Here is sample report based my wireless network.
This has a drawback where I cannot differentiate upstream downstream traffic by using this tool. Cisco is claiming Prime can do this, but I haven’t see it yet.
2. Scrutinizer gives you the flexibility to modify the reports as you need. Below is one report showing the top 10 wireless users based on MAC address. By default this report is based on IP address & that will not uniquely identify a device (as in my environment 15 min is lease time & same IP can be taken by many users /devices during period of time)
3. DSCP based reporting. This is really helpful to determine how good your wireless network from QoS perspective. You can determine required application get correctly classify within your wireless network. Below does not show the application name (but I think it is easy to convert application ID to name)
4. You can have customized dashboard. Here is my dashboard looks like (I like the colours of these graphs)
5. Lack of capability to generate a summary report. There are no way of me to generate customize report combining multiple graphs/tables. From management point of view, I should be able to see a summary report which gives high level overview of my wireless network utilization.
6. Only top 10 will be shown as different colour, If I want to see other than this (top 20, top 50) in graphical view in different colour, it is not available yet. But I think this can be done.
So What is the conclusion ? In my personal view, we should wait & see for little more before deciding on a tool. Because cisco is changing their wireless design architecture to “Converged Access” which allow us to terminates all CAPWAP tunnels at access layer. Then there is no requirement to have special collector (like today for WLC 7.4) as everything should be standard netwflow v9.0 & any of netflow collector tool should be able to use.
1. Day 0 with WLC 7.4 code
2. Who Really Support WLC Netflow ?
3. Configuring Netflow on WLC 7.4
4. Configuring mDNS in WLC 7.4
MIchael Patterson said:
When setting up the Flow Exporter in the Flexible NetFlow configuration, did you include the line “option application-table”? This exports the application names option template which is needed to look up the application listed in the flow template. Without the application-table option template, applications are listed as for example: type 13 ID80. Contact me if this is unclear.
Thanks for your comment. I did not do that, If you can assist me to do that bit , it would be really appreciated.
Actually Jim Dougherty assisted me configure your application for this trial. At least if you can send me some screen captures how to do this it would be great. My email is firstname.lastname@example.org
Have you tried splunk as a netflow collector?
No, I haven’t try that, I doubt whether they support WLC netflow
Do you know of any netflow analyer which can give you a cli based report? For ex, no of radius packets from a specific wlc?
Have you tried Splunk ? As long as you get logs from WLC and Radius server, Splunk can generate any reports
Netflow with prime is not working