Configure Telemetry

Application telemetry overview

Application telemetry allows you to configure global network settings on devices for monitoring and assessing their health.

Configure syslog, SNMP traps, NetFlow Collector servers, and wired client data collection using telemetry

With Catalyst Center, you can configure global network settings when devices are assigned to a specific site. Telemetry polls network devices and collects telemetry data according to the settings in the SNMP server, syslog server, NetFlow Collector, or wired client.

Before you begin

Create a site and assign a device to the site. See Create, edit, and delete a site.

Procedure

Step 1

From the main menu, choose Design > Network Settings > Telemetry.

Step 2

In the SNMP Traps area, do one of these tasks:

  • Check the Use Catalyst Center as SNMP trap server check box.
  • Check the Add an external SNMP trap server check box and enter the IP address of the external SNMP trap server. The selected server collects SNMP traps and messages from the network devices.

Step 3

In the Syslogs area, do one of these tasks:

  • Check the Use Catalyst Center as syslog server check box.
  • Check the Add an external syslog server check box and enter the IP address of the external syslog server.

Step 4

In the Application Visibility area, check the Enable by default on wired access devices check box to enable Application Telemetry and Controller-Based Application Recognition (CBAR) by default upon the network device site assignment.

Do one of these tasks:

  • Click the Use Catalyst Center as NetFlow collector radio button. The NetFlow configuration on the device interfaces is completed only when you enable application telemetry on the device. Select the NetFlow collector at the site level to configure the NetFlow destination server to the device.
  • Click the Add Cisco Telemetry Broker (CTB) radio button and add the IP address and port number of the Cisco Telemetry Broker. The Cisco Telemetry Broker collects NetFlow records from the device and sends the information to the destination.

    Note

     

    Catalyst Center must be configured as a destination in Cisco Telemetry Broker to receive NetFlow records. If Catalyst Center is not configured as a destination, the Application Experience does not work.

Step 5

In the Wired Endpoint Data Collection area, click the Enable Catalyst Center Wired Endpoint Data Collection At This Site radio button to turn on IP Device Tracking (IPDT) on the access devices of the site.

If you don't want to enable IPDT for the site, click the Disable Catalyst Center Wired Endpoint Data Collection At This Site radio button (the default).

After enabling IPDT, clients connected to access ports are visible in Catalyst Center. Clients connected to trunk ports and port channels aren’t visible in Catalyst Center.

Note

 

You must enable IPDT to preview the CLI configuration. When provisioning a device, you can preview the CLI configuration before deploying it on the device.

Step 6

In the Wireless Controller, Access Point and Wireless Clients Health area, check the Enable Wireless Telemetry check box to monitor the health of the wireless controllers, APs, and wireless clients in your network.

Step 7

Click Save.

Criteria for enabling application telemetry on devices

Catalyst Center automatically enables application telemetry on all applicable interfaces or WLANs that are selected based on the new automatic interfaces or WLAN selection algorithm.


Note

  • The conventional tagging-based algorithm is supported and has precedence over the newer automatic interfaces or WLAN selection algorithm.

  • If you want to switch over from the automatic selection algorithm to the tagging-based algorithm, you must disable telemetry before provisioning the tagged SSIDs to the devices.

This table provides the criteria for selecting interfaces and WLANs based on the conventional tagging-based algorithm (with lan keyword) and the new automatic selection algorithm for all the supported platforms:

Platform Conventional tagging-based algorithm Automatic selection algorithm

Router

  • Interface description has the lan keyword.1, 2

  • Interface has an IP address other than the management IP address.

  • Interface has an IP address other than the management IP address.

  • Interface is not any of these types:

    • WAN

      Note

       

      An interface is treated as a WAN-facing interface if it has a public IP address, and if there is a route rule with a public IP address that routes through the interface.

      In this context, a public IP address is not in a private range (for example, not in 192.168.x.x, 172.16.y.y, 10.z.z.z), or is an IP address that is not in the system's IP pools.

      Route rules can be dynamically learned. In this context, the show ip route command does not show a route to a public IP address that goes through this interface.

    • Loopback.

    • Management interface: GIGABITETHERNET0, GIGABITETHERNET0/0, MGMT0, FASTETHERNET0, or FASTETHERNET1.

Switch

  • Interface description has the lan keyword.1, 2

  • Switch port is configured as an access port.

  • Switch port is configured with the switch-mode access command.

  • Interface is a physical interface.

  • Access port does not have neighbors.

  • Interface is not any of these types:

    • Management interface: FASTETHERNET0, FASTETHERNET1, GIGABITETHERNET0/0, or MGMT0

    • LOOPBACK0, Bluetooth, App Gigabit, WPAN, Cellular, or Async

    • VSL interface.

Cisco AireOS Controller

WLAN profile name is tagged with the lan keyword.1, 2

If the SSIDs are mixed, that is Local mode, Flex mode, and Fabric mode, Wireless Service Assurance (WSA) processing is enabled. If all the SSIDs are in Local mode, NetFlow is enabled.

Cisco Catalyst 9800 Series Wireless Controller with Optimized Application Performance Monitoring (APM) profile and IOS 16.12.1 and later.

WLAN profile name is tagged with the lan keyword.1, 2

If the SSIDs are mixed—that is, central switching, Flex mode, and Fabric mode—the Cisco Application Visibility and Control (AVC) basic record is configured. If all the SSIDs use central switching, the Optimized APM record is configured.

For Cisco Catalyst 9800 Series Wireless Controllers with IOS 17.10 and later, Catalyst Center pushes the APM profile, not the AVC basic profile, for flex and fabric SSIDs.

Note

 
If you want to update the telemetry configuration, you must disable telemetry and then enable it after making the configuration changes.

Catalyst Center Traffic Telemetry Appliance with Optimized APM profile and IOS 17.3 and later.

  • Interface description has the lan keyword.1, 2

  • Interface is a physical interface.

  • Interface is a physical interface.

  • Interface is not a management interface: GIGABITETHERNET0, GIGABITETHERNET0/0, MGMT0, FASTETHERNET0, and FASTETHERNET1.
1 The lan keyword is case insensitive and can be separated by a space, hyphen, or underscore.
2 Resynchronize the network device to read the lan keyword.

For example, to use the conventional tagging-based algorithm to enable application telemetry:

  • the WLAN profile name test-lan on this Cisco Catalyst 9800 Series Wireless Controller includes the lan keyword: 

    WLAN Profile Name               SSID                     VLAN Status
--------------------------------------------------------------------------------
1    test-lan                   test1-ssid               137   UP

  • the interface description wired-lan on this switch includes the lan keyword: 

    interface GigabitEthernet1/0/1
description wired-lan

Provision application telemetry settings

Configure global telemetry settings as described in Configure syslog, SNMP traps, NetFlow Collector servers, and wired client data collection using telemetry.

Procedure

Step 1

From the main menu, choose Provision > Network Devices > Inventory.

The Inventory window displays the device information gathered during the discovery process. To view devices available in a particular site, expand the Global site in the left pane and select the site, building, or floor.

Step 2

Select the devices that you want to provision.

Step 3

From the Actions drop-down list, select Telemetry and do one of these steps:

Note

 

The Enable Application Telemetry and Disable Application Telemetry options are enabled only when the device supports application telemetry from Catalyst Center.

  1. Enable Application Telemetry: To configure application telemetry for the selected devices.

  2. Disable Application Telemetry: To remove the application telemetry configuration from the chosen devices.

Step 4

Click Apply.

The Application Telemetry column shows the telemetry configuration status. If you don’t see the Application Telemetry column in the default column setting, click the ellipsis icon () at the right end of the column headings and check the Application Telemetry check box.

Enable application telemetry for wireless controllers

You can enable application telemetry for new and existing devices.


Note

You can also enable Application Telemetry from the Application Visibility window. For more information, see Enable Application Telemetry.

Before you begin

To enable application telemetry, devices must have the Advantage license.

Note

Before enabling application telemetry in Catalyst Center, ensure to delete any existing flow monitors configured manually from Configuration > Services > Application Visibility > Flow Monitors through the Cisco Catalyst 9800 Series Wireless Controller GUI.

Procedure

Step 1

From the main menu, choose Provision > Network Devices > Inventory.

Step 2

To view devices available in a particular site, expand the Global site in the left pane, and choose the site, building, or floor.

Step 3

In the Inventory window, choose the device. You can choose multiple devices at a time.

Step 4

From the Action drop-down list, choose Telemetry > Enable Application Telemetry.

Step 5

In the Enable Telemetry slide-in pane, complete these settings:

  1. AP mode: Check the Flex/Fabric or Local check box. You can also choose both options.

  2. To enable telemetry for guest SSIDs, check the Include Guest SSID check box.

    Note

     

    If an SSID name contains the guest keyword, to enable telemetry for the SSID, you must check the Include Guest SSID check box even if the is SSID for an enterprise wireless network.

  3. Telemetry Source:

    • Embedded Wireless Controllers - NetFlow

    • AireOS wireless controller (Local mode) - NetFlow

    • AireOS wireless controller (Flex/Fabric mode) - Wireless Service Assurance (WSA)

  4. To apply the same settings for all wireless controllers, check Apply this selection to all wireless controllers.

  5. Click Next.

  6. Click the Generate Configure Preview radio button and click Preview.

    In the Enable Application Telemetry Task window, Catalyst Center displays a side-by-side comparison of the running configuration and the planned configuration for the first listed device.

    In the Enable Application Telemetry Task window, do these tasks:

    • Review the device configurations and then, when you’re ready, click Deploy.

    • Choose the Now or Later scheduling option and click Deploy.

    Note

     

    The Application Telemetry column shows the application telemetry deployment status.

    If the application telemetry deployment fails for a device, click the link under Application Telemetry Deployment Status column to view the failure reason.

Update telemetry settings to use a new cluster virtual IP address

If you are using the Catalyst Center application telemetry to monitor device data, and you need to change the Catalyst Center enterprise virtual IP address (VIP), complete these steps to change the VIP and to ensure that node telemetry data is sent to the new VIP.

Before you begin

  • Determine the version of Catalyst Center that you are using. You can check for the version by logging in to the Catalyst Center GUI and using the About option to view the Catalyst Center version number.

  • Obtain SSH client software.

  • Identify the VIP address that was configured for the 10-GB interface facing the enterprise network on the Catalyst Center primary node. Log in to the appliance using this address, on port 2222. To identify this port, see the rear-panel figure in the "Front and Rear Panels" section in the Cisco Catalyst Center Installation Guide.

  • Get the Linux username (maglev) and password configured on the primary node.

  • Identify the cluster VIP that you want to assign. The cluster VIP must conform to the requirements explained in the "Required IP Addresses and Subnets" section in the Cisco Catalyst Center Installation Guide.

Procedure

Step 1

Access the Catalyst Center GUI and disable application telemetry at all the sites using these steps:

  1. From the main menu, choose Provision > Network Devices > Inventory.

    The Inventory window displays the device information gathered during the discovery process. To view devices available in a particular site, expand the Global site in the left pane, and select the site, building, or floor.

  2. Choose all the sites and devices currently being monitored.

  3. From the Actions drop-down list, choose Telemetry > Disable Application Telemetry.

  4. Wait for the sites and devices to show that telemetry has been disabled.

Step 2

Use the appliance Configuration wizard to change the cluster VIP:

  1. Using an SSH client, log in to the VIP address that was configured for the 10-GB interface facing the enterprise network on the Catalyst Center primary node. Be sure to log in on port 2222.

  2. When prompted, enter the Linux username and password.

  3. Enter this command to access the Configuration wizard on the primary node:

    $ sudo maglev-config update

    If you are prompted for the Linux password, enter it again.

  4. Click [Next] until the screen prompting you for the cluster virtual IP appears. Enter the new cluster VIP, then click [Next] to proceed through the remaining screens of the wizard.

    You must configure one virtual IP per configured interface. We recommend that you enter the sudo maglev-config update command so that the wizard prompts you to provide one VIP per configured interface.

    When you reach the final screen, a message appears, stating that the wizard is ready to apply your changes.

  5. Click [proceed] to apply the cluster VIP change.

    At the end of the configuration process, a success message appears and the SSH prompt reappears.

Step 3

Restart the necessary Catalyst Center services by entering this series of commands at the SSH prompt: 

magctl service restart -d collector-netflow
magctl service restart -d collector-syslog
magctl service restart -d collector-trap
magctl service restart -d wirelesscollector

Step 4

Wait for all the services to restart. You can monitor the progress of the restarts by entering this command, substituting service names as needed for the release train appropriate for your Catalyst Center version. 

magctl appstack status | grep -i -e collector-netflow -e collector-syslog -e collector-trap -e wirelesscollector

When all the necessary services are running, you see command output similar to this output, with a Running status for each service that has restarted successfully: 

assurance-backend  wirelesscollector-123-bc99s  1/1   Running   0   25d   <IP>   <IP>
ndp   collector-netflow-456-lxvlx   1/1   Running   0   1d   <IP>   <IP>
ndp   collector-syslog-789-r0rr1    1/1   Running   0   25d   <IP>   <IP>
ndp   collector-trap-101112-3ppllm  1/1   Running   0   25d   <IP>   <IP>

Step 5

Access the Catalyst Center GUI and Enable Application Telemetry to all nodes:

  1. From the main menu, choose Provision > Network Devices > Inventory.

  2. Choose all the sites and devices that you want to monitor.

  3. From the Actions drop-down list, choose Telemetry > Enable Application Telemetry.

  4. Wait for the sites and devices to show that telemetry has been enabled.

Update device configuration using telemetry

Use this procedure to push configuration changes to a device regardless of whether device controllability is enabled or disabled.

Procedure

Step 1

From the main menu, choose Provision > Inventory.

The Inventory window displays the device information gathered during the discovery process. To view devices available in a particular site, expand the Global site in the left pane and choose the area, building, or floor.

Step 2

Choose the devices on which you want to update the configuration changes.

Step 3

From the Actions drop-down list, choose Telemetry > Update Telemetry Settings.

The Update Telemetry Settings slide-in pane opens.

Step 4

(Optional) Check the Force Configuration Push check box to push the configuration changes to the device.

If there is no change in the configuration settings, the existing configuration is pushed again to the device.

Step 5

Click Next.

Step 6

Schedule the task for deployment.

Depending on Visibility and Control of Configurations settings, you can either:

Note

 

During configuration preview, the PKCS12 certificate isn't generated as the certificate must be used within 15 minutes. The Preview Configuration window displays only the relevant configuration commands. When you deploy the configuration after previewing it, the PKCS12 certificate is generated and pushed to the device.

Step 7

On the Tasks window, monitor the task deployment.