Consolidated Platform Configuration Guide, Cisco IOS XE 3.3SE (Catalyst 3850 Switches)
Configuring Application Visibility and Control
Downloads: This chapterpdf (PDF - 1.31 MB) The complete bookPDF (PDF - 28.73 MB) | Feedback

Configuring Application Visibility and Control

Configuring Application Visibility and Control

Finding Feature Information

Your software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http:/​/​www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About Application Visibility and Control

Application Visibility and Control (AVC) classifies applications using deep packet inspection techniques with the Network-Based Application Recognition engine, and provides application-level visibility and control (QoS) in wireless networks. After the applications are recognized, the AVC feature enables you to either drop, mark, or police the data traffic.

Using AVC, we can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.

Note


You can view list of 30 applications in Top Applications in Monitor Summary section of the UI.

Restrictions for Application Visibility and Control

Configuring Application Visibility (GUI)

You can apply the default flow record (wireless avc basic) to the default flow monitor (wireless-avc-basic).

If you are using the flow record and flow monitor you have created, then the record name and monitor name should be same. This is specific only for configuring AVC from GUI and not for the CLI configuration.

You can use the flow monitor you have created either for upstream or downstream, or both, but ensure that you use the same record name while mapping with the flow monitor.


    Step 1   Choose Configuration > Wireless > WLAN.

    The WLAN page appears.

    Step 2   Click on the corresponding WLAN ID to open the WLAN > Edit page and click AVC.

    The Application Visibility page appears.

    1. Select the Application Visibility Enabled check box to enable AVC on a WLAN.
    2. In the Upstream Profile text box, enter the name of the AVC profile.
    3. In the Downstream Profile text box, enter the name of the AVC profile.

    To enable AVC, you need to enter the profile names for the upstream and downstream profiles. The profile names are the flow monitor names. By default, the flow monitor names (wireless-avc-basic) appear in the Upstream Profile and Downstream Profile text boxes. For the default flow monitor, the default flow record (wireless avc basic) will be taken. The default flow record is generated by the system and is available.

    You can change the profile names for the upstream and downstream profiles but ensure that the same flow records are available for the flow monitors.

    The upstream and downstream profiles can have different profile names but there should be flow records available for the flow monitors.

    Step 3   Click Apply to apply AVC on the WLAN.
    Step 4   To disable AVC on a specific WLAN, perform the following steps:
    • Choose Configuration > Wireless > WLAN to open the WLAN page.
    • Click on the corresponding WLAN ID to open the WLAN > Edit page.
    • Click AVC to open the Application Visibility page.
    • Uncheck the Application Visibility Enabled check box.
    • Click Apply to disable AVC on the specific WLAN.

    Monitoring Application Visibility and Control (CLI)

    This section describes the new commands for application visibility.

    The following commands can be used to monitor application visibility on the switch and access points.

    Table 1 Monitoring Application Visibility Commands on the switch

    Command

    Purpose

    show avc client client-mac top n application [aggregate | upstream | downstream]

    Displays information about top "N" applications for the given client MAC.

    show avc wlan ssid top n application [aggregate | upstream | downstream]

    Displays information about top "N" applications for the given SSID.

    avc top user[enable | disable]

    Enables or disables the information about top "N" application.

    show avc wlan wlan-id application app name topN [aggregate | upstream | downstream]

    Displays to know network usage information on a per user basis within an application

    show wlan id wlan-id

    Displays information whether AVC is enabled or disabled on a particular WLAN.

    show flow monitor flow_monitor_name cache

    Displays information about flow monitors.

    show wireless client mac-address mac-address service-policy { input | output }

    Displays information about policy mapped to the wireless clients.

    show policy-map target

    show policy-map

    show policy-map policy-name

    Displays information about policy map.

    Table 2 Clearing Application Visibility Statistics Commands

    Command

    Purpose

    clear avc client mac stats

    Clears the statistics per client.

    clear avc wlan wlan-name stats

    Clears the statistics per WLAN.

    Monitoring Application Visibility and Control (GUI)

    You can view AVC information on a WLAN in a single shot using a AVC on WLAN pie chart on the Home page of the switch. The pie chart displays the AVC data (Aggregate - Application Cumulative usage %) of the first WLAN. In addition, the top 5 WLANs based on clients are displayed first. Click on any one of the WLANs to view the corresponding pie chart information. If AVC is not enabled on the first WLAN, then the Home page does not display the AVC pie chart.


      Step 1   Choose Monitor > Controller > AVC > WLANs.

      The WLANs page appears.

      Step 2   Click the corresponding WLAN profile.

      The Application Statistics page appears.

      From the Top Applications drop-down list, choose the number of top applications you want to view and click Apply. The valid range is between 5 to 30, in multiples of 5.

      1. On the Aggregate, Upstream, and Downstream tabs, you can view the application cumulative and last 90 seconds statistics and usage percent with the following fields:
        • Application name

        • Packet count

        • Byte count

        • Average packet size

        • usage (%)

      Step 3   Choose Monitor > Clients > Client Details > Clients.

      The Clients page appears.

      Step 4   Click Client MAC Address and then click AVC Statistics tab.

      The Application Visibility page appears.

      1. On the Aggregate, Upstream, and Downstream tabs, you can view the application cumulative and last 90 seconds statistics and usage percent with the following fields:
        • Application name

        • Packet count

        • Byte count

        • Average packet size

        • usage (%)


      Examples: Application Visibility Configuration

      This example shows how to create a flow record, create a flow monitor, apply the flow record to the flow monitor, and apply the flow monitor on a WLAN:
      Switch# configure terminal
      Switch(config)# flow record fr_v4
      Switch(config-flow-record)# match ipv4 protocol
      Switch(config-flow-record)# match ipv4 source address
      Switch(config-flow-record)# match ipv4 destination address
      Switch(config-flow-record)# match transport destination-port
      Switch(config-flow-record)# match flow direction
      Switch(config-flow-record)# match application name
      Switch(config-flow-record)# match wireless ssid
      Switch(config-flow-record)# collect counter bytes long
      Switch(config-flow-record)# collect counter packets long
      Switch(config-flow-record)# collect wireless ap mac address
      Switch(config-flow-record)# collect wireless client mac address
      Switch(config)#end
      
      
      Switch# configure terminal
      Switch# flow monitor fm_v4
      Switch(config-flow-monitor)# record fr_v4
      Switch(config-flow-monitor)# cache timeout active 1800
      Switch(config)#end
      
      
      Switch(config)#wlan wlan1
      Switch(config-wlan)#ip flow monitor fm_v4 input
      Switch(config-wlan)#ip flow mon fm-v4 output
      Switch(config)#end
      

      Additional References for Application Visibility and Control

      Related Documents

      Related Topic Document Title
      System management commands

      System Management Command Reference Guide, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)

      Flexible NetFlow configuration

      Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)

      Flexible NetFlow commands

      Flexible NetFlow Command Reference, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)

      QoS configuration

      QoS Configuration Guide, Cisco IOS XE Release 3E (Cisco WLC 5700 Series)

      QoS commands

      QoS Command Reference, Cisco IOS XE Release 3E (Cisco WLC 5700 Series)

      Standards and RFCs

      Standard/RFC Title
      None

      MIBs

      MIB MIBs Link
      All supported MIBs for this release.

      To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

      http:/​/​www.cisco.com/​go/​mibs

      Technical Assistance

      Description Link

      The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

      To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

      Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

      http:/​/​www.cisco.com/​support

      Feature History and Information For Application Visibility and Control

      Release Feature Information
      Cisco IOS XE 3.3SE This feature was introduced.

      Cisco IOS XE 3E

      AVC control with QoS was introduced.