System Management Configuration Guide, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)
Configuring Application Visibility and Control
Downloads: This chapterpdf (PDF - 1.31MB) The complete bookPDF (PDF - 3.97MB) | The complete bookePub (ePub - 560.0KB) | The complete bookMobi (Mobi - 1.14MB) | Feedback

Configuring Application Visibility and Control

Configuring Application Visibility and Control

Finding Feature Information

Your software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http:/​/​www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About Application Visibility and Control

Application Visibility and Control (AVC) classifies applications using deep packet inspection techniques with the Network-Based Application Recognition (NBAR2) engine, and provides application-level visibility and control (QoS) in wireless networks. After the applications are recognized, the AVC feature enables you to either drop or mark the data traffic.

Using AVC, we can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.

Note


You can view list of 30 applications in Top Applications in Monitor Summary section of the UI.

AVC QoS actions are applied with AVC filters in both upstream and downstream directions. The QoS actions supported for upstream flow are drop, mark, and police, and for downstream flow are mark and police. AVC QoS is applicable only when the application is classified correctly and matched with the filter in the policy map. For example, if the policy has a filter based on an application name, and the traffic has also been classified to the same application name, then the action specified for this match in the policy, will get applied. For all QoS actions, refer Supported AVC Class Map and Policy Map formats.

Restrictions for Application Visibility and Control

  • AVC is supported only on the following access points:
    • Cisco Aironet 1040 Series Access Points
    • Cisco Aironet 1140 Series Access Points
    • Cisco Aironet 1260 Series Access Points
    • Cisco Aironet 1530 Series Access Points
    • Cisco Aironet 1600 Series Access Points
    • Cisco Aironet 2600 Series Access Point
    • Cisco Aironet 2600 Series Wireless Access Points
    • Cisco Aironet 2700 Series Access Point
    • Cisco Aironet 3500 Series Access Points
    • Cisco Aironet 3600 Series Access Points
    • Cisco Aironet 7021 Series Access Point
    • Cisco Aironet 702W Series Access Point
  • The capability of dropping or marking the data traffic (control part) is not supported for the software release 3.3.
  • The capability of dropping or marking the data traffic (control part) is supported in the software release 3.6E.
  • Multicast traffic classification is not supported.
  • IPv6 including ICMPv6 traffic classifications are not supported.
  • Datalink is not supported for NetFlow fields for AVC.
  • The following commands are not supported for AVC flow records:
    • collect flow username
    • collect interface { input | output}
    • collect wireless client ipv4 address
    • match interface { input | output}
    • match transport igmp type
  • The template timeout cannot be modified on exporters configured with AVC. Even if the template timeout value is configured to a different value, only the default value of 600 seconds is used.
  • For the username information in the AVC-based record templates, ensure that you configure the options records to get the user MAC address to username mapping. For more information, refer Creating a Flow Exporter (Optional).

Configuring Application Visibility and Control (GUI)

You can apply the default flow record (wireless avc basic) to the default flow monitor (wireless-avc-basic).

If you are using the flow record and flow monitor you have created, then the record name and monitor name should be same. This is specific only for configuring AVC from GUI and not for the CLI configuration.

You can use the flow monitor you have created either for upstream or downstream, or both, but ensure that you use the same record name while mapping with the flow monitor.


    Step 1   Choose Configuration > Wireless > WLAN.

    The WLAN page appears.

    Step 2   Click on corresponding WLAN ID to open WLAN Edit page and click AVC.

    The Application Visibility page appears.

    1. Select the Application Visibility Enabled check box to enable AVC on a WLAN.
    2. In the Upstream Profile text box, enter the name of the AVC profile.
    3. In the Downstream Profile text box, enter the name of the AVC profile.

    To enable AVC, you need to enter the profile names for the upstream and downstream profiles. The profile names are the flow monitor names. By default, the flow monitor names (wireless-avc-basic) appear in the Upstream Profile and Downstream Profile text boxes. For the default flow monitor, the default flow record (wireless avc basic) will be taken. The default flow record is generated by the system and is available.

    You can change the profile names for the upstream and downstream profiles but ensure that the same flow records are available for the flow monitors.

    The upstream and downstream profiles can have different profile names but there should be flow records available for the flow monitors.

    Step 3   Click Apply to apply AVC on the WLAN.
    Step 4   Uncheck the Application Visibility Enabled check box on the WLAN page.

    AVC is disabled on WLAN.

    Step 5   Click Apply.

    Monitoring Application Visibility and Control (CLI)

    This section describes the new commands for application visibility.

    The following commands can be used to monitor application visibility on the controller and access points.

    Table 1 Monitoring Application Visibility Commands on the controller

    Command

    Purpose

    show avc client client-mac top n application [aggregate | upstream | downstream]

    Displays information about top "N" applications for the given client MAC.

    show avc wlan ssid top n application [aggregate | upstream | downstream]

    Displays information about top "N" applications for the given SSID.

    show wlan id wlan-id

    Displays information whether AVC is enabled or disabled on a particular WLAN.

    show flow monitor flow_monitor_name cache

    Displays information about flow monitors.

    show wireless client mac-address mac-address service-policy { input | output }

    Displays information about policy mapped to the wireless clients.

    show policy-map target

    show policy-map

    show policy-map policy-name

    Displays information about policy map.

    Table 2 Clearing Application Visibility Statistics Commands

    Command

    Purpose

    clear avc client mac stats

    Clears the statistics per client.

    clear avc wlan wlan-name stats

    Clears the statistics per WLAN.

    Monitoring Application Visibility and Control (GUI)

    You can view AVC information on a WLAN in a single shot using a AVC on WLAN pie chart on the Home page of the controller. The pie chart displays the AVC data (Aggregate - Application Cumulative usage %) of the first WLAN. In addition, the top 5 WLANs based on clients are displayed first. Click on any one of the WLANs to view the corresponding pie chart information. If AVC is not enabled on the first WLAN, then the Home page does not display the AVC pie chart.


      Step 1   Choose Monitor > Controller > AVC > WLANs.

      The WLANs page appears.

      Step 2   Click the corresponding WLAN profile.

      The Application Statistics page appears.

      From the Top Applications drop-down list, choose the number of top applications you want to view and click Apply. The valid range is between 5 to 30, in multiples of 5.

      1. On the Aggregate, Upstream, and Downstream tabs, you can view the application cumulative and last 90 seconds statistics and usage percent with the following fields:
        • Application name
        • Packet count
        • Byte count
        • Average packet size
        • usage (%)
      Step 3   Choose Monitor > Clients > Client Details > Clients.

      The Clients page appears.

      Step 4   Click Client MAC Address and then click AVC Statistics tab.

      The Application Visibility page appears.

      1. On the Aggregate, Upstream, and Downstream tabs, you can view the application cumulative and last 90 seconds statistics and usage percent with the following fields:
        • Application name
        • Packet count
        • Byte count
        • Average packet size
        • usage (%)

      Examples: Application Visibility and Control Configuration

      This example shows how to create a flow record, create a flow monitor, apply the flow record to the flow monitor, and apply the flow monitor on a WLAN:
      Controller# configure terminal
      Controller(config)# flow record fr_v4
      Controller(config-flow-record)# match ipv4 protocol
      Controller(config-flow-record)# match ipv4 source address
      Controller(config-flow-record)# match ipv4 destination address
      Controller(config-flow-record)# match transport destination-port
      Controller(config-flow-record)# match flow direction
      Controller(config-flow-record)# match application name
      Controller(config-flow-record)# match wireless ssid
      Controller(config-flow-record)# collect counter bytes long
      Controller(config-flow-record)# collect counter packets long
      Controller(config-flow-record)# collect wireless ap mac address
      Controller(config-flow-record)# collect wireless client mac address
      Controller(config)#end
      
      
      Controller# configure terminal
      Controller# flow monitor fm_v4
      Controller(config-flow-monitor)# record fr_v4
      Controller(config-flow-monitor)# cache timeout active 1800
      Controller(config)#end
      
      
      Controller(config)#wlan wlan1
      Controller(config-wlan)#ip flow monitor fm_v4 input
      Controller(config-wlan)#ip flow mon fm-v4 output
      Controller(config)#end
      

      Additional References for Application Visibility and Control

      Related Documents

      Related Topic Document Title
      System management commands

      System Management Command Reference Guide, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)

      Flexible NetFlow configuration

      Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)

      Flexible NetFlow commands

      Flexible NetFlow Command Reference, Cisco IOS XE Release 3SE (Cisco WLC 5700 Series)

      QoS configuration

      QoS Configuration Guide, Cisco IOS XE Release 3E (Cisco WLC 5700 Series)

      QoS commands

      QoS Command Reference, Cisco IOS XE Release 3E (Cisco WLC 5700 Series)

      Standards and RFCs

      Standard/RFC Title
      None

      MIBs

      MIB MIBs Link
      All supported MIBs for this release.

      To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

      http:/​/​www.cisco.com/​go/​mibs

      Technical Assistance

      Description Link

      The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

      To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

      Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

      http:/​/​www.cisco.com/​support

      Feature History and Information For Application Visibility and Control

      Release Feature Information
      Cisco IOS XE 3.3SE This feature was introduced.