Cannot recieve Netflow from Cisco Wireless controller..
Hi all,
Got a slight problem in that we have a Cisco wireless controller configured to send a 12.3.4.16 AMD Netflow ( which we see the UDP packets on the interface) but it never appears as a flow source in the AMD configuration. We tested another Netflow source to see if it was an AMD issue and that worked fine,, e.g it appeared as a flow source...
Any ideas???
Regards
Anthony Percy
Found out some further info ...
It appears the Cisco Wireless WLC netflow field format is unusual in that it has these fields..
• applicationTag
• ipDiffServCodePoint
• octetDeltaCount
• packetDeltaCount
• postIpDiffServCodePoint
• staIPv4Address
• staMacAddress
• wlanSSID
• wtpMacAddress
This article gives a good explanation of a problem with Solar winds ignoring this Netflow format in 2014 http://mrncciew.com/2013/02/13/who-really-support-wlc-netflow/
Could our NFC collector be doing the same?
Regards
AP
Best Answer
The wireless access point is a L2 device and as such the flow records and the template it uses do not contain L3 source and destination information, which is required for recognition and used in conjunction with the direction and application Id to match ingress and egress flows together. It also has limited options in terms of template and metric options. if possible try using a different NetFlow source form a device downstream form the wireless access point.
You shouldn't really need to go backwards in Netflow versions. Try opening a support ticket since some of the more the subtle things in NF can be daunting.
Can you force the device to send NetFlow v5 format? It's fixed and we support it.
