ExtremeCloud IQ- Site Engine & Extreme Management Center

  • 1.  EWC and Purview Analytics don ́t work together...

    Posted 12-10-2017 21:09
    Hello Friends,

    after annoying 5 hours test i ́m very frustrated.

    I upgraded my lab to EWC V10.41 with the latest purview /Analytics / netsight 8.015

    First i did a flat test, EWC ETH0 / Purview ETH0 / SSID for Testing.

    All together were in one VLAN, they were terminated on a VMware Host with virtual Nic set to VLAN4095 and the Port on the Switch was PVID and Untagged on VLAN 100 ..

    That ́s worked fine Without Problems.

    After that i wanted to build up a more Standard and Secure Solution.

    EWC ETH 0 and Purview ETH 0 are into the same vlan. ( 101 )

    WLAN Traffic is configured as Bridged@EWC (with VLAN Taged 100)

    I have configured Netflow in EWC as described into the guides, IP of ETH0 Purview Appliance

    Mirror Port : None

    But there is no NetFlow Traffic arrive on the ETH0 Interface of Purview Appliance and i dont know why anymore.

    I checked this with : tcpdump -i eth0 udp port 2095 on the Pureview appliance.

    I can ping from purview eth0 to EWC eth0.

    I made a cap file on the eth0 of the EWC an no packet is going into direction of purview.

    I made some pings from purview to ewc and again a Network dump with packet capture..and with wirshark i can see the icmp packets coming from Purview and going to purview.

    At this time i don ́t know where i can still search for this error....

    Perhaps someone of you can read something into the cap file, i will attach this.

    The file was recorded as i pinged from ewc eth0 to purview eth0 and reverse.

    IP : 192.168.50.4 ( EWC eth0 ) 192.168.50.12 ( Purview eth0)

    Some Questions for me:

    1. what ist the source Interface of NetFlow Data from EWC, is this ETH0 in every Situation ?

    2. which deployment is the right for Integration of an ewc to purview.

    As i understand this should be single Interface but Without GRE Tunnel ....

    how can i configure this, or do i Need a gre tunnel Between the EWC and the Purview for

    using NetFlow Without dedicated L2 Mirror ?

    Christian

    Dropbox Link to cap file

    https://www.dropbox.com/s/wnqwx9g67j9a9gs/mgmt_traffic_dump4.cap?dl=0

    if the Standard questions are coming 🙂

    - yes NetFlow is activated in Advanced WLAN Services of SSID

    - yes Traffic Mirror is activated on the main tab of WLAN Services

    - yes Appliaction Visibility is activated on the same tab

    - yes traffic mirror is activated into the designated role for this SSID / VNS



  • 2.  RE: EWC and Purview Analytics don ́t work together...

    Posted 12-11-2017 06:48
    The best practise is: Do not use Admin interface (out-of-band) (disconnect). Use only one (exactly one) physical topology (you can have as many as you need B@AP, B@EWC, routed...) The physical topology should be used for netflow export. Good luck.


  • 3.  RE: EWC and Purview Analytics don ́t work together...

    Posted 12-11-2017 18:38
    thx.. i will test it, but one question

    How can i definitely check that NetFlow packets will sent out from EWC ?



  • 4.  RE: EWC and Purview Analytics don ́t work together...

    Posted 12-11-2017 22:46
    I am using tcpdump on the EWC...


  • 5.  RE: EWC and Purview Analytics don ́t work together...

    Posted 12-12-2017 01:57
    Hi ,

    Just wanted to check , is this taken care now ? are you able to complete the set up ?

    Thanks,

    Suresh.B



  • 6.  RE: EWC and Purview Analytics don ́t work together...

    Posted 12-12-2017 21:29
    .. 😞 no ... i´m very frustrated .. the EWC seems to strike against my whishes
    i did a "tcpdump -i any -n udp port 2095" on the EWC Shell and no Little packet is passing

    Do you know any Rule (predefined) or Setting that could block this NetFlow Generation on EWC ?

    I have only one physical topology ..

    from this and from every other Interface i can ping the eth0 of purview appliance ..

    but the EWC don´t generate any packet of NetFlow .. as it seems.





  • 7.  RE: EWC and Purview Analytics don ́t work together...

    Posted 12-12-2017 23:53
    Hi ,

    Since you have all latest firmware's in your set up,

    Could you open a GTAC case because you already very frustrated fixing this issue by yourself.

    Thanks,

    Suresh.B



  • 8.  RE: EWC and Purview Analytics don ́t work together...

    Posted 12-13-2017 00:11
    Please disable the controller eth0/admin port (in VM) and replace the IP with a unused IP/subnet just to make sure it's not used.

    I had a mirror setup till now (I was too lazy to change it) but now I've disabled/removed the mirror and configured it for IPFIX like this...

    https://gtacknowledge.extremenetworks.com/articles/How_To/Configuring-a-Identifi-Wireless-Controller...

    From my test you'd skip the controller config completely (screenshot#1) because if you just do the Analytics config (2nd screenshot) everything is done via EMC...

    - EMC sets the Analytics IP on the controller
    - EMC sets all the WLANs that you checkmark and configures the controller WLANs to "Default Traffic Mirror: enabled both directions"
    !!! I've rx an error after I hit apply/save in EMC but still everything was fine !!!

    After that one configuration step in Analytics I've rx NetFlow information (tcpdump -i eth0 udp port 2095) BUT I didn;t see anything with tcpdump on the controller... not sure why or whether that is FAD.... but give it a try and run the command on the Analytics instead of the controller (I know you'd like to check whether something is going out but I wasn't able to see packets even it was working).

    Here the proof that EMC configured everything = controller audit UI log...

    12/13/17 01:54:39NetsightvnswlansWLANS SecureAccess configuration changed:
    12/13/17 01:54:39Netsightvnswlans[mirrorn] setting has changed from [0] to [1]
    12/13/17 01:54:39Netsightvnswlans[netflow] setting has changed from [0] to [1]
    12/13/17 01:54:39NetsightvnsgeneralNetflow MirrorN configuration changed: netflow_export_ip from 0.0.0.0 to 172.24.24.120,

    From what I see it looks like that you don't need to set anything on the roles (mirror = disabled).

    -Ron