Tags
Starting from WLC 7.5.x release, you can update the NBAR2 protocol packs independent to the controller software. Protocol packs are software packages that allow update of signature support without replacing the image on the Controller. You have an option to load protocol packs dynamically when new protocol support is being added. There will be two kinds of Protocol Packs-Major and Minor:
• Major protocol packs include support for new protocols, updates and bug fixes.
• Minor protocol packs typically do not include support for new protocols.
• Protocol packs are targeted to specific platform types, software versions and releases separately.Protocol Packs can be downloaded from CCO using the software type “NBAR2 Protocol Pack“.
Below link provide the information about available NBAR2 protocol packs for supported platforms.
http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
This link provide the protocol pack 4.1.1 specific information.
http://www.cisco.com/en/US/docs/wireless/controller/nbar2_prot_pack/4.1.1/b_nbar2_prot_pack_411_chapter_01.html
NBAR2 Protocol Pack 4.1.1 is supported on the following Cisco Wireless LAN Controller platforms:
1. Cisco 5508 Wireless Controller
2. Cisco Flex 7500 Series Wireless Controllers
3. Cisco 8510 Wireless Controller
4. Cisco Wireless Services Module 2 (WiSM2)
**** The Cisco 2504 Wireless Controller supports Application Visibility and Control, but does not support protocol packs ****
Protocol packs are released with specific NBAR engine versions. For example, WLC 7.5 has NBAR engine 13. The protocol pack file “pp-AIR-7.5-13-4.1.1.pack” (Format: pp-AIR-{release}-{engine version}-M.m.r.pack) will be located in the same location with the controller code version 7.5.
You can verify the AVC engine version & the protocol pack version of your controller as shown below
(BUN-PW00-WC01) >show avc engine version AVC Engine Version: 13 (BUN-PW00-WC01) >show avc ? profile protocol-pack (BUN-PW00-WC01) >show avc protocol-pack ? version Display AVC Protocol-Pack Version information. (BUN-PW00-WC01) >show avc protocol-pack version AVC Protocol Pack Name: Advanced Protocol Pack AVC Protocol Pack Version: 1.0
You can download a protocol pack to WLC like normal file transfer via FTP or TFTP. I have used TFTP method here. Datatype to be selected as “avc-protocol-pack” as shown below.
(BUN-PW00-WC01) >transfer download mode tftp (BUN-PW00-WC01) >transfer download datatype avc-protocol-pack (BUN-PW00-WC01) >transfer download path . (BUN-PW00-WC01) >transfer download serverip x.x.13.2 (BUN-PW00-WC01) >transfer download filename pp-AIR-7.5-13-4.1.1.pack (BUN-PW00-WC01) >transfer download start Mode............................................. TFTP Data Type........................................ AVC Protocol Pack TFTP Server IP................................... 131.172.13.2 TFTP Packet Timeout.............................. 6 TFTP Max Retries................................. 10 TFTP Path........................................ ./ TFTP Filename.................................... pp-AIR-7.5-13-4.1.1.pack Starting tranfer of AVC Protocol Pack This may take some time. Are you sure you want to start? (y/N) y TFTP AVC Protocol Pack transfer starting. TFTP receive complete... Loading Protocol Pack. AVC Protocol Pack installed.
Once installation complete, you can verify the AVC protocol pack status using the same previous two commands as shown in the below.
(BUN-PW00-WC01) >show avc protocol-pack version AVC Protocol Pack Name: Advanced Protocol Pack AVC Protocol Pack Version: 4.10001 (BUN-PW00-WC01) >show avc engine version AVC Engine Version: 13
*******
If you are using WLC 7.6.x code, then latest AVC protocol pack is “pp-AIR-7.6-13-6.3.0.pack“. You need to use this if your WLC is running on 7.6.x software releas.
Here is the protoco pack 6.3.0 specific information
http://www.cisco.com/en/US/docs/wireless/controller/nbar2_prot_pack/6.3.0/b_nbar2_prot_pack_630.html
*******
When configuring AVC (specifically to re-calssify traffic), it is important to understand the interaction with QoS for the given WLAN.The NBAR2 functionality is based on the DSCP setting. The following occurs to the packets in Upstream and Downstream directions if AVC and QoS are configured on the same WLAN:
Upstream
1.Packet comes with or without inner DSCP from wireless side (wireless client).
2.AP will add DSCP in the CAPWAP header that is configured on WLAN (QoS based config).
3.WLC will remove CAPWAP header.
4.AVC module on the controller will overwrite the DSCP to the configured marked value in the AVC profile and send it out.
Downstream
1.Packet comes from switch with or without inner DSCP wired side value.
2.AVC module will overwrite the inner DSCP value.
3.Controller will compare WLAN QoS configuration (as per 802.1p value that is actually 802.11e) with inner DSCP value that NBAR had overwritten. WLC will choose the lesser value and put it into CAPWAP header for DSCP.
4.WLC will send out the packet to AP with QoS WLAN setting on the outer CAPWAP and AVC inner DSCP setting.
5.AP strips the CAPWAP header and sends the packet on air with AVC DSCP setting; if AVC was not applied to an application then that application will adopt the QoS setting of the WLAN.
Here is the link for the protocol list supported by NBAR2 for your reference
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
Reference1. AVC Feature Deployment Guide (Phase-2), Software Release 7.5
2. BRKNMS-1040 : Managing AVC with Cisco Prime Infrastructure 2.0
mrn-cciew 
Great post, thanks! I’ve a 5500 version 7.4.121.0 but cannot find any datatype matching avc-protocol-pack. Is this enable on all 7.4 version or am I mising something?
Hi,
This featured added in 7.5.x onwards. So in 7.4 you cannot upgrade the AVC protocol pack independently & it is integrated with WLC software upgrade
HTH
Rasika
Thanks Rasika! I like your blog, very interesting post. Congratulations for your CCIEW.
Dude,Thank you 🙂
I hope this gives you answer to your previous query.
HTH
Rasika
dear nayarasi
can you share the pp-AIR-7.5-13-4.1.1.pack, because i dont know why it cant be download from cisco site, i only can downloand for 8.1 version… since my OS still on 7.5
thx before
Pls Text me your email
hi rasika,
do you have a post on how can WLC discover computer/device’s hostname and will reflect on the WLC DASHBOARD client table. instead of UNKNOWN client name, the device/BYOD hostname will appear.
is it possible to create an own NBAR pack for custom applications?
I do not think you can do it.
Hi Rasika,
please help me to understand. Does Cisco Wireless Release 8.5.140.0 need to update NBAR2 Advanced Protocol Pack 24.0.0 for Aereos 8.4 : NBAR2 Engine 23 pp-AIR-8.2.20-24.0.0.pack?
Read the article
https://www.cisco.com/c/en/us/td/docs/wireless/controller/nbar2_prot_pack/24-0-0/nbar-prot-pack2400/nbar-prot-pack2400_chapter_010100.html
Table 1 Compatibility Table
WLC Software Release 8.5 – NBAR Engine Used NBAR engine 23>24.0.0 (Optional upgrade)?
Where can you actually download these packs? I am trying to find one for an 1852i Mobility Express-based controller, but cannot find any.
ME APs it may come as one package, When you upgrade ME images, these AVC packages may upgraded. Usually it should be in download section of your product in CCO
Rasika
u[pload NBAR to WLC need reboot or not thank you
I mean after installed need reboot WLC like upgrade OS
No, WLC reload is not require