Configuring Application Visibility and Control
Download this chapter
Configuring Application Visibility and ControlConfiguring Application Visibility and Control
 Feedback

Configuring Application Visibility and Control

Information About Application Visibility and Control

Application Visibility and Control (AVC) classifies applications using Cisco's Deep Packet Inspection (DPI) techniques with Network-Based Application Recognition (NBAR) engine and provides application-level visibility and control into Wi-Fi network. After recognizing the applications, the AVC feature allows you to either drop or mark the traffic.

Using AVC, the controller can detect more than 1000 applications. AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades.

AVC is supported on the following controller platforms: Cisco 2500 Series Controllers, Cisco 5500 Series Controllers, Cisco Flex 7500 Series Controllers in central switching mode, Cisco 8500 Series Controllers, and Cisco WiSM2.

Guidelines and Limitations

  • IPv6 packet classification is not supported.
  • Layer 2 roaming is not supported across controllers.
  • Multicast traffic is not supported.

Configuring Application Visibility and Control (GUI)

    Step 1   Create and configure an AVC profile by following these steps:
    1. Choose Wireless > Application Visibility and Control > AVC Profiles.
    2. Click New and enter the AVC profile name.
    3. Click Apply.
    4. On the AVC Profile Name page, click the AVC profile name to open the AVC Profile > Edit page.
    5. Click Add New Rule.
    6. Choose the application group and the application name from the respective drop-down lists.

      See the list of default AVC applications available by choosing Wireless > Application Visibility and Control > AVC Applications.

    7. From the Action drop-down list, choose either of the following:
      • Drop—Drops the upstream and downstream packets that correspond to the chosen application.
      • Mark—Marks the upstream and downstream packets that correspond to the chosen application with the Differentiated Services Code Point (DSCP) value that you specify in the DSCP (0 to 63) drop-down list. The DSCP value helps you provide differentiated services based on the QoS levels.
        Note   

        The default action is to permit all applications.

    8. If you choose Mark from the Action drop-down list, choose a DSCP value from the DSCP (0 to 63) drop-down list.
      The DSCP value is a packet header code that is used to define quality of service across the Internet. The DSCP values are mapped to the following QoS levels:
      • Platinum (Voice)—Assures a high QoS for Voice over Wireless.
      • Gold (Video)—Supports the high-quality video applications.
      • Silver (Best Effort)—Supports the normal bandwidth for clients.
      • Bronze (Background)—Provides the lowest bandwidth for guest services.

      You can also choose Custom and specify the DSCP value. The valid range is from 0 to 63.

    9. Click Apply.
    10. Click Save Configuration.
    Step 2   Associate an AVC profile to a WLAN by following these steps:
    1. Choose WLANs and click the WLAN ID to open the WLANs > Edit page.
    2. In the QoS tab, choose the AVC profile from the AVC Profile drop-down list.
    3. Click Apply.
    4. Click Save Configuration.

    Configuring Application Visibility and Control (CLI)

    • Create or delete an AVC profile by entering this command: config avc profile avc-profile-name {create | delete}
    • Add a rule for an AVC profile by entering this command: config avc profile avc-profile-name rule add application application-name {drop | mark dscp-value}
    • Remove a rule for an AVC profile by entering this command: config avc profile avc-profile-name rule remove application application-name
    • Configure an AVC profile to a WLAN by entering this command: config wlan avc wlan-id profile avc-profile-name {enable | disable}
    • Configure application visibility for a WLAN by entering this command: config wlan avc wlan-id visibility {enable | disable}

      Note

      Application visibility is the subset of an AVC profile. Therefore, visibility is automatically enabled when you configure an AVC profile on the WLAN.

    • See information about AVC profiles by entering this command: show avc profile {summary | detailed avc-profile-name}
    • See information about AVC applications by entering this command: show avc applications [application-group]
    • See various statistical information about AVC by entering this command: show avc statistics
    • Configure troubleshooting AVC events by entering this command: debug avc events {enable | disable}
    • Configure troubleshooting of AVC errors by entering this command: debug avc error {enable | disable}

    Configuring NetFlow

    Information About NetFlow

    NetFlow is a protocol that provides information about network users and applications, peak usage times, and traffic routing. The NetFlow protocol collects IP traffic information from network devices to monitor traffic. The NetFlow architecture consists of the following components:
    • Collector—Entity that collects all the IP traffic information from various network elements.
    • Exporter—Network entity that exports the template with the IP traffic information. The controller acts as an exporter.

    Configuring NetFlow (GUI)

      Step 1   Configure the Exporter by following these steps:
      1. Choose Wireless > Netflow > Exporter.
      2. Click New.
      3. Enter the Exporter name, IP address, and the port number.

        The valid range for the port number is from 1 to 65535.

      4. Click Apply.
      5. Click Save Configuration.
      Step 2   Configure the NetFlow Monitor by following these steps:
      1. Choose Wireless > Netflow > Monitor.
      2. Click New and enter the Monitor name.
      3. On the Monitor List page, click the Monitor name to open the Netflow Monitor > Edit page.
      4. Choose the Exporter name and the Record name from the respective drop-down lists.
      5. Click Apply.
      6. Click Save Configuration.
      Step 3   Associate a NetFlow Monitor to a WLAN by following these steps:
      1. Choose WLANs and click the WLAN ID to open the WLANs > Edit page.
      2. In the QoS tab, choose the NetFlow Monitor from the Netflow Monitor drop-down list.
      3. Click Apply.
      4. Click Save Configuration.

      Configuring NetFlow (CLI)

      • Create an Exporter by entering this command: config flow create exporter exporter-name ip-addr port-number
      • Create a NetFlow Monitor by entering this command: config flow create monitor monitor-name
      • Associate or dissociate a NetFlow Monitor with an Exporter by entering this command: config flow {add | delete} monitor monitor-name exporter exporter-name
      • Associate or dissociate a NetFlow Monitor with a Record by entering this command: config flow {add | delete} monitor monitor-name record ipv4_client_app_flow_record
      • Associate or dissociate a NetFlow Monitor with a WLAN by entering this command: config wlan flow wlan-id monitor monitor-name {enable | disable}
      • See a summary of NetFlow Monitors by entering this command: show flow monitor summary
      • See information about the Exporter by entering this command: show flow exporter {summary | statistics}
      • Configure a debug of NetFlow by entering this command: debug flow {detail | error | info} {enable | disable}