ExtremeWireless (Identifi)


Purview Integration Wireless Controller 9.21

  • 1.  Purview Integration Wireless Controller 9.21

    Posted 07-08-2015 15:56
    Hi community,

    has anyone integrated the wireless solution V 9.21 into Purview? I get the TopN Mirror up and running but I don't get netflow packets.

    Netflow is configured in the section "VNS->Global->NetflowMirrorN"
    There I configured the Mgmt IP of my Purview instance and chose esa1 as my L2 Mirror Port.

    Any idea?

    Best Regards
    Michael


  • 2.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-08-2015 16:12
    I also enabled the Netflow flag in the Wireless Service Advanced section.
    Still no netflow...


  • 3.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-08-2015 16:29
    Hi Michael,

    What version of NMS are you running? You will require Netsight 6.3 as well. NetSight 6.3 is scheduled for Early Access at the end of the month.

    Paulo



  • 4.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-08-2015 16:46
    Hi Paulo,

    Thanks for the reply. I'm running NetSight 6.2. But what does the NetSight version have to do with whether the wireless controller sends out netflow packets or not? In my opinion this is more wireless controller related.

    Best Regards
    Michael


  • 5.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-08-2015 18:08
    Hi Michael,

    The 9.21 Wireless controller is sending out Netflow packets... However, it is sending it on Port 2095. NS/Purview6.2 does not listen on that port and therefore does not display any Netflow data. You need Purview6.3 in order to receive and analyze the records.

    Therefore you need a minimum base of NetSight/Purview 6.3 in order for the integration to work correctly.



  • 6.  RE: Purview Integration Wireless Controller 9.21



  • 7.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-20-2015 18:11
    Hey guys, I'm also preparing my WLAN infrastructure for Purview and I need your input.

    I've a single SSID/BYOD/NAC deployment with most of my APs in the office but also some in remote/home offices.

    I'm not sure what the correct way is to enable Purview data collection...
    Should/could I globally enable it on the SSID but disable it for the role home office (bridge@AP)?
    It would make no sense to mirror all traffic back via the slow WAN link to the Purview engine.

    Or should I leave WLAN service mirror disabled and enable it only on the role level (the bridge@EWC & routed roles)?

    What is the difference... on the WLAN service the selection is "enable both directions" but in the role the option is only "enabled".
    Does it give the same information back to Purview?

    Thanks,
    Ron


  • 8.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-20-2015 19:43
    Hi Ron,

    The definition in the WLAN Service will work as the catch-all policy. Policy has precedence.

    So in your example, if you want to capture all the traffic on the service except specific roles, simply set the service to 'Enable' - both directions recommended to get a bidirectional view of the traffic.

    For any Roles you want to exclude, simply set their default action Traffic Mirror to 'Prohibited'.

    If you have both Role and Service set to Enable, then there's no discrepancy and any traffic from that role on that service is N-Mirrored.

    Paulo



  • 9.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-21-2015 10:39
    Thanks Paulo,

    I've taken a closer look into the KT and have two more questions...

    1) controller mirror port
    Is the traffic sent untagged or is the tag from the respective role used to forward the traffic to Purview?

    2) mirror N packets
    If I understand it correctly only the first 15 packets/flow are mirrored to Purview per default.
    So I should be able to enable it also for remote/branch offices without having all data copied back to the controller, right?

    -Ron


  • 10.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-21-2015 10:39
    Hi Ron,

    It depends on the direction of the traffic:

    1) Traffic to the MU (NET to MU), if carrying a VLAN tag when received at the Appliance/AP, will be mirrored as is (with VLAN tag).

    Traffic from the MU (MU to NET) will always be mirrored as received from the wireless (post 802.3), which does not include the VLAN tag.

    2) It depends on the topology configuration. For Bridged@Controller topologies all traffic is relayed back to the controller for N-Mirroring filtering and NetFlow metrics. Note: if mirroring is applicable (Rule, Role or Service) the AP will still mirror back all traffic that is 'denied' by a Filtering@AP (controller will discard from the VLAN any such traffic, but will still mirror on Purview).

    For Bridged@AP topologies, the AP will mirror only up to the first N-frames of a flow. Note 2: the AP will mirror up to N-Frames of any flow even if 'Denied' by filtering at AP (so that Purview has a complete view of all traffic intended to/by the user).

    Paulo



  • 11.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-21-2015 10:39
    Hi

    When I use TAGGED on any ESA, the traffic doesn't appear in Purview. If the outside interface configured was untagged, Purview shows the connections; with tagged packets, Purview counts them but they do not appear on the dashboard. Any idea?



  • 12.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-21-2015 10:39
    - Is the link to the VM server a trunk and are all VLANs allowed?
    - Is the VM vswitch set to promiscuous mode and VLAN ID set to "all" so all VLANs are forwarded?

    I've chosen the "easy" way and use a dedicated NIC on my VM which I've directly connected to my WLAN controller mirror port, which works great.


  • 13.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-21-2015 10:39
    Yes

    I chose to plug the controller directly into the VM (C5210). If you call "tcpdump" the traffic exists and the Purview statistics appear. I have the same scenario but with untagged traffic, and Purview shows the traffic and information. But with tagged, it does not show.

    Any idea?



  • 14.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-21-2015 10:39
    Collector process doesn't show FLOWS records... but sensor reads packets


  • 15.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-21-2015 15:31
    Ok another question - this time about the license.
    I have Netsight with an NMS-ADV-U with no additional licenses installed.
    In Oneview I see that my Purview supports 100 clients with 3000 flows.

    Is that basic license included in every advanced license to try out Purview or only in the unlimited Netsight license?

    -Ron




  • 16.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-21-2015 16:03
    Hi Ron,

    correct - every NMS-ADV-XX comes with 3000 flows/min & 100 Clients. Just like the 500 NAC End-System licenses.

    Regards
    Michael


  • 17.  RE: Purview Integration Wireless Controller 9.21

    Posted 07-22-2015 18:19
    The early access of Netsight 6.3 is available now if you have requested early access rights.




  • 18.  RE: Purview Integration Wireless Controller 9.21

    Posted 08-28-2015 14:01
    Hi Guys
    Perhaps this post can assist:

    We have deployed a V2110 with NMS 6.3
    We have enabled the purview integration.

    In Oneview we see no Application flows.
    If I look at the TCPDUMP on the Purview appliance on eth0 I see the Netflow traffic as follows:

    17:56:15.377880 IP (tos 0x0, ttl 126, id 0, offset 0, flags [none], proto UDP (17), length 112)
    10.0.10.250.2095 > rbhs-pur-01.rondebosch.local.2095: UDP, length 84
    17:56:45.454054 IP (tos 0x0, ttl 126, id 0, offset 0, flags [none], proto UDP (17), length 112)
    10.0.10.250.2095 > rbhs-pur-01.rondebosch.local.2095: UDP, length 84
    17:57:15.588240 IP (tos 0x0, ttl 126, id 0, offset 0, flags [none], proto UDP (17), length 112)
    10.0.10.250.2095 > rbhs-pur-01.rondebosch.local.2095: UDP, length 84
    17:57:45.666345 IP (tos 0x0, ttl 126, id 0, offset 0, flags [none], proto UDP (17), length 112)
    10.0.10.250.2095 > rbhs-pur-01.rondebosch.local.2095: UDP, length 84

    If I look at the TCPDump on the mirror port I also see all the mirrored traffic.
    But I see no info in "Oneview".

    So in summary I see the Netflow data and the Mirror data on the purview appliance, but nothing in Oneview.....

    Any ideas??

    Regards
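
Added example, not part of the thread or of any Extreme Networks tooling: a small Python check that reads tcpdump output like the capture in post 18 and reports, for each controller expected to export, whether datagrams to UDP 2095 reached the capture point and at what interval. The second exporter address (10.0.10.251) and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

EXPORT_PORT = 2095  # UDP port the thread reports for controller 9.21 NetFlow export

HEADER = re.compile(r"^(\d{2}):(\d{2}):(\d{2}\.\d+) IP ")
UDP = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)")

# Capture lines as quoted in post 18 (tcpdump -v style, two lines per datagram).
SAMPLE = """\
17:56:15.377880 IP (tos 0x0, ttl 126, id 0, offset 0, flags [none], proto UDP (17), length 112)
    10.0.10.250.2095 > rbhs-pur-01.rondebosch.local.2095: UDP, length 84
17:56:45.454054 IP (tos 0x0, ttl 126, id 0, offset 0, flags [none], proto UDP (17), length 112)
    10.0.10.250.2095 > rbhs-pur-01.rondebosch.local.2095: UDP, length 84
17:57:15.588240 IP (tos 0x0, ttl 126, id 0, offset 0, flags [none], proto UDP (17), length 112)
    10.0.10.250.2095 > rbhs-pur-01.rondebosch.local.2095: UDP, length 84
17:57:45.666345 IP (tos 0x0, ttl 126, id 0, offset 0, flags [none], proto UDP (17), length 112)
    10.0.10.250.2095 > rbhs-pur-01.rondebosch.local.2095: UDP, length 84
"""


def parse_capture(text):
    """Yield (time_s, src, sport, dst, dport, payload_len) for each UDP datagram.

    Handles both the two-line (-v) and the single-line tcpdump text formats.
    """
    ts = None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            ts = int(h[1]) * 3600 + int(h[2]) * 60 + float(h[3])
        u = UDP.search(line)
        if u and ts is not None:
            yield ts, u[1], int(u[2]), u[3], int(u[4]), int(u[5])
            ts = None  # a timestamp belongs to exactly one datagram


def check_exporters(text, expected, port=EXPORT_PORT):
    """Report, per expected exporter, whether export datagrams reached the capture point."""
    times = defaultdict(list)
    for ts, src, _sport, _dst, dport, _length in parse_capture(text):
        if dport == port:
            times[src].append(ts)
    report = {}
    for exporter in expected:
        seen = sorted(times.get(exporter, []))
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        report[exporter] = {
            "datagrams": len(seen),
            "mean_interval_s": round(sum(gaps) / len(gaps), 1) if gaps else None,
            "status": "arriving" if seen else "silent",
        }
    return report


if __name__ == "__main__":
    # 10.0.10.251 is a constructed second controller (HA peer) that sends nothing.
    result = check_exporters(SAMPLE, ["10.0.10.250", "10.0.10.251"])
    for exporter, info in result.items():
        print(exporter, info)
```

Datagrams seen on the interface only show that the export reaches the appliance; as post 5 explains for NetSight/Purview 6.2, nothing is displayed if the collector is not listening on that port.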


  • 19.  RE: Purview Integration Wireless Controller 9.21

    Posted 08-28-2015 14:06
    That is the correct port # used by Wireless controller for Netflow to Purview.
    Do you have the oneview Configuration setup to view the Purview appliance, as opposed to the default Netflow appliance?

    In the below article, the last picture shows the Purview6.3 appliance selected. It's possible you're looking at the Netsight appliance IP instead.

    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Identifi-Wireless-Controller-to-send-data-to-Purview



  • 20.  RE: Purview Integration Wireless Controller 9.21

    Posted 08-28-2015 14:06
    Hi, I have the same situation. In my lab Purview is populated because the port is not tagged. At the customer the port is tagged and Purview doesn't populate. Any idea?


  • 21.  RE: Purview Integration Wireless Controller 9.21

    Posted 08-28-2015 14:06
    Luis, is the customer platform running on a VM? It would likely need to be responsible for decoding the tagged packet and forwarding to the PurviewVM.
    A tcpdump, if seen with packets like above, should indicate you're getting netflow packets to the purview appliance. The purview appliance must then be sending data back to the Netsight appliance to display the data. As mentioned above, sometimes the Netsight appliance is used for looking at applications flow; it is the default, and needs to be changed to the Purview appliance.


  • 22.  RE: Purview Integration Wireless Controller 9.21

    Posted 08-28-2015 14:06
    Mike,
    The customer has a VM; the VM and Netsight are on the same server. In my lab, Purview shows the information, but at the customer it does not. If you see the attached image, you will see the information for my lab and the customer.

    The collector does not show any data.

    CUSTOMER



    LAB



  • 23.  RE: Purview Integration Wireless Controller 9.21

    Posted 08-28-2015 14:06
    Hi Luis,

    Is the vswitch in the VM set to "VLAN ID = All" and is "Promiscuous Mode" set to accept?
    I think these are the 2 things that you need to set....

    Here are my settings: Netsight is on the VM and I have a C5110 which is directly connected to vmnic5.



    -Ron


  • 24.  RE: Purview Integration Wireless Controller 9.21

    Posted 08-31-2015 12:51
    We are bridging traffic at the AP, tagged in specific VLANs. I see both the Netflow traffic and the mirrored traffic on the Purview appliance if I run a TCPDUMP for both the management and mirror ports. But we still do not see any "Applications Flows". I will test this with B@AP but untagged.


  • 25.  RE: Purview Integration Wireless Controller 9.21

    Posted 09-10-2015 09:25
    I have deployed PV and EWC in recommended versions, followed the GTAC document on how to configure it, and apparently cannot see any traffic on the eth0 and eth1 interfaces of PV. That means no flow and no mirror. Any suggestions as to what I am doing wrong?


  • 26.  RE: Purview Integration Wireless Controller 9.21

    Posted 09-10-2015 09:25
    Is it a Hyper-V or VMWare install? Promiscuous mode on the ports is needed for the mirror interface anyway. Seeing no traffic, however, is more than likely a sign of another problem. Like the virtual switch may be broken.


  • 27.  RE: Purview Integration Wireless Controller 9.21

    Posted 09-10-2015 09:25
    Yes, it is a virtual machine. Prom. mode is on. What can be the problem with the switch?


  • 28.  RE: Purview Integration Wireless Controller 9.21

    Posted 09-10-2015 09:25
    It could be, but you would see broadcast and the like. Do you see any traffic on a tcpdump? Just a wide open one? The EWC uses a non standard port to transport netflow, either 2095 or 2075 I believe.


  • 29.  RE: Purview Integration Wireless Controller 9.21

    Posted 09-10-2015 09:25
    On the first interface of PV I can see some broadcast, the second one (TAP) is silent...


  • 30.  RE: Purview Integration Wireless Controller 9.21

    Posted 09-10-2015 09:25
    Do an 'ifconfig -a' a couple of times to see if traffic is coming in.

    Also do a wide open tcpdump to see if anything is coming in unicast to the box.

    tcpdump -i eth0
    I assume if the box is remotely managed the answer is yes.
    If nothing on eth1, maybe the mirror interface is not eth1?


  • 31.  RE: Purview Integration Wireless Controller 9.21

    Posted 09-16-2015 17:38
    Hi,

    How should I proceed with troubleshooting when PV gets NetFlow reports (I can see them via tcpdump from both EWCs that create H/A pair) but it doesn't get MirrorN via L2 port?

    I've set eth1 and eth2 in PV for mirror, as one is for the LAN, and another is for EWCs. Then I put the eth in a separate vSwitch (promisc accept) with one 4095 VID port group (promisc accept), where also mirror ports of both EWCs are inserted.

    I am concerned about output of OneView->Applications->Configuration->Purview Appliances->purview->Status->Diagnostics->Configuration Verification:
    --------------------------------------------------
    Process appid is running at pid 7927
    Process appidserver is running at pid 7947
    --------------------------------------------------
    Checking for traffic on interface eth1
    Checking for traffic on interface eth2
    Checking for Netflow records on interface eth0..
    Checking for Netflow records on interface eth1..
    Checking for IPFIX records on loopback interface..
    --------------------------------------------------
    Waiting for captures to complete..
    Mirror appears to be setup correctly on eth1.
    Mirror appears to be setup correctly on eth2.
    NOTE - Netflow does not appear to be setup to send to this host correctly. <<<
    IPFIX appears to be setup correctly.
    --------------------------------------------------

    If needed I can share all the details of the steps I've made to configure PV/EWC.

    Regards,
    Tomasz

    EDIT: Tcpdumping the esa1 at EWC doesn't show anything.
    I am testing using a mobile playing Youtube movies, with B@AP topology.


  • 32.  RE: Purview Integration Wireless Controller 9.21

    Posted 10-06-2015 05:13
    The issue with EWC and Purview was connected with the size of EWC virtual machine resources. If I had EWC with a small amount of resources => EWC Small, EWC did not send any data to Purview (Netflow). When I changed the size of the controller to Medium everything was OK and Purview started to work fine.


  • 33.  RE: Purview Integration Wireless Controller 9.21



  • 34.  RE: Purview Integration Wireless Controller 9.21

    Posted 11-06-2015 16:59
    Yes... but I have 2 C5210. And Purview sees the traffic but doesn't populate.


  • 35.  RE: Purview Integration Wireless Controller 9.21

    Posted 11-06-2015 16:59
    Luis, please be specific: if you're doing a tcpdump on eth0 for port 2095, do you see data?

    This is needed to see the flows. To get the response times, the eth1 port is typically used to calculate that, and you need to see two-way responses there as well.
    So I would show a little of what you see on each port if possible. Be mindful that public IPs might be visible on any display of eth1 mirrored traffic.


  • 36.  RE: Purview Integration Wireless Controller 9.21

    Posted 11-06-2015 16:59
    Yes...
    I see traffic... It is possible to connect to this machine with remote access. I have 2 months to demonstrate this solution. In my lab it connects and works fine. But at the customer it does not. If you or any engineer have time to connect and see what is going on.
    Collector doesn't populate.






  • 37.  RE: Purview Integration Wireless Controller 9.21

    Posted 11-06-2015 16:59
    Are you just not seeing application flows? Looks like both ports are seeing data.
    If so, try a different browser.

    We can certainly do a remote assist if you open a case with the GTAC.
    Instructions below.

    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-contact-Extreme-Networks-Global-Tec...


  • 38.  RE: Purview Integration Wireless Controller 9.21

    Posted 11-06-2015 16:59
    I have a case open... 2 months and all questions. Everything that was asked of me I answered, I sent screenshots. I only requested remote access from someone who has already run Purview with wireless. I have 3 customers who are interested but want to see the working solution.


  • 39.  RE: Purview Integration Wireless Controller 9.21

    Posted 11-06-2015 16:59
    Hi Luis, please call us at the GTAC 0800-76-25397 at your earliest convenience for us to work on this issue. Thank you and have a great weekend.


  • 40.  RE: Purview Integration Wireless Controller 9.21

    Posted 11-06-2015 16:59
    We have worked with Luis Mendes via remote session and we believe we have identified the root cause. The Admin interface cannot be used as the source interface for netflow traffic. We have suggested to have the admin interface disabled and configure one of the available physical interfaces (esa0-3) for management of the controller and to be used as the source for the netflow traffic.


  • 41.  RE: Purview Integration Wireless Controller 9.21



  • 42.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    Hello all, as soon as I enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. All clients are still connected to the APs but are not able to pass traffic. NMS, NAC, Purview & WLC are virtual. Purview is configured with option 1, single interface. Any ideas?


  • 43.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    Purview will not be able to work with one interface.
    It will need an eth0 and an eth1. And the ESA1 on the wireless VM will need to attach to the ETH1 on the purview appliance. The wireless controllers do not support GRE interfaces, which is needed to run only one interface on the Purview appliance.
    If in a purely VM environment, the ESA1 port and ETH1 ports will both need to be in a separate VSWITCH, in promiscuous mode on both interfaces. Some unlicensed versions of VMWare do not support this.
    This may not at all have been your issue from the controller side, but your topology does not sound correct.


  • 44.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    Thanks Mike! I created a separate vSwitch and assigned eth1 and esa1 to the port group, and purview is running perfectly! Great thread, thanks for the quick response.




  • 45.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    Welcome to the Hub Community David. Really great to have you join us!


  • 46.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    How would I set up the vSwitch when I have two EWC VMs on different hosts in different server rooms?


  • 47.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    James, I am not a VMware design expert - but the ESA port would need to be sent out a specific VLAN, probably tagged in this case, so it can get to the other side's Purview appliance VM Eth1 port. The wireless controller cannot do a GRE tunnel like the PV-FC-180 and S-Series so you will need to work around that.
    Others here may have more experience in the actual configuration from a vSwitch end.


  • 48.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    Just bumping this thread.

    We have two EWCs, each on different hosts, running active/active, and I'm trying to figure out how to set up one Extreme Analytics (Purview) VM, where both controllers will forward their Netflow. We aren't licensed to use VMware's distributed switch so we have to use the standard switch. Has anyone done this before? Or would it be best to set up an Analytics VM on each of the VM hosts where my EWC sits, as EWC esa1 and Analytics eth1 need to sit on the same Standard vSwitch?



  • 49.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    Peter: Multiple Purview VMs seems like a good idea, I'll give that a shot next week.


  • 50.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    Hi James. I implemented this yesterday, and so far it seems to be working. We have a vmware essentials plus license, so we can't use "distributed virtual switch". But if you have the license one above that, which I think is vmware enterprise, then you should be able to use one purview vm, and have a distributed virtual switch spanning across multiple vm hosts, for the EMC esa1 and purview eth1 to plug into. If I remember correctly, I think this distributed virtual switch needs to be set to mirroring. This is all from what I've read, and unfortunately I can't confirm as I don't have the license.

    From what I've done:
    VM Host 1
    -EMC1
    -Analytics Purview 1 VM
    -Standard Switch in promiscuous mode, using dedicated L2 port connected to our switch (EMC1 esa1, and Purview1 eth1 connected to this virtual switch)
    -On our switch, I created a vlan, "analytics" to isolate traffic on this standard switch

    VM Host 2
    -EMC2
    -Analytics Purview 2 VM
    -Standard Switch in promiscuous mode (EMC2 esa1, and Purview2 eth1 connected to this virtual switch)
    -On our switch, I created a vlan, "analytics2" to isolate traffic on this standard switch

    On EMC1
    -have netflow forward to Purview1

    On EMC2
    -have netflow forward to Purview 2

    If you have any questions, let me know.


  • 51.  RE: Purview Integration Wireless Controller 9.21

    Posted 04-03-2016 02:44
    Hi Peter,

    While we do have Enterprise Plus vSphere, switching to a distributed virtual switch is a big config change, so I went with the config you have above (although I assume you mean EWC not EMC). There are a few things that are covered in comments above, like using VLAN 4095 to get all data, but one thing that isn't is that you can't use the EMC to configure Wireless Controller Flow Sources, as it'll try to add both controllers of the HA pair to one capture appliance, which is exactly what you don't want. Instead, set them up manually in each EWC, and then they show up in EMC later. I also set up a DRS rule to keep the EWC and Purview VMs on the same host.

    One thing I learnt while researching VMware dvSwitching is that it supports Encapsulated Remote Mirroring (L3), which is a GRE port mirror. So it's conceivable that you could set that up and point it at the purview VM like you would with a CoreFlow2 GRE source. Also, now I realise I can capture normal traffic from my S4 to wireshark on my desktop.