Purview Colector Wireless

  • 0
  • 2
  • Problem
  • Updated 2 years ago
  • Solved
Purview colector doesn ́t shows de comunication. But the servers receive the mirror of controller 
Photo of Luis Mendes

Luis Mendes

  • 1,690 Points 1k badge 2x thumb

Posted 3 years ago

  • 0
  • 2
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,328 Points 50k badge 2x thumb
Hi Luis,

on the controller in > VNS > Global > Netflow
Is the IP of the Purview VM set....



And then enabled on every WLAN service > advanced options


-Ron
Photo of Luis Mendes

Luis Mendes

  • 1,690 Points 1k badge 2x thumb
Ron

   This option has checked and controller receive traffic, but not populate with applications
Photo of Luis Mendes

Luis Mendes

  • 1,690 Points 1k badge 2x thumb
And Default traffic mirror enabled
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,328 Points 50k badge 2x thumb
Yes, from the screenshot you've provided we'd see that Purview is receiving the mirror data BUT didn't get any Netflow data (as far as I unterstand that output).

What AP models are used ?
Could you ping the Purview IP 172.16.0.136 from the controller ?
Photo of Luis Mendes

Luis Mendes

  • 1,690 Points 1k badge 2x thumb
Yes.. All Aps are 3715i
 The Netsight have a ip 172.16.0.138
Purview has 172.16.0.136 and Controller has 172.16.0.130

The interface esa1 has connect directly to another port of Purview appliance (eth1) And receive traffic
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,328 Points 50k badge 2x thumb
You'd check whether there is any Netflow data from the controller to Purview.
I've got that from here... https://gtacknowledge.extremenetworks.com/articles/Q_A/Wants-somebody-to-review-his-Purview-config-t...
!!! The controller uses port 2095 instead of port 2055 !!!

So to check for Netflow data ssh to Purview.
Do a "ifconfig" to see the interfaces - I assume that you use eth0 for the 172.16.0.138 interface so the command is....

root@purview:/$ tcpdump -i eth0 udp port 2095
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:38:07.681163 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 84
23:38:16.045706 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:16.780486 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:17.194480 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
^C

I've done the command and connected with my WLAN client and opened some webpages to get some Netflow data.


Also please doublecheck if you've configured it like this....
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Identifi-Wireless-Control...
Photo of Luis Mendes

Luis Mendes

  • 1,690 Points 1k badge 2x thumb
Ronald

   I read the article.   I have an lab with V2110 and the same configuration. On my lab purview works fine. But on the customer not populate.

root@purview:~$ tcpdump -i eth0 udp port 2095 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:07:22.052542 IP 10.72.0.2.55843 > purview..2095: UDP, length 1372
19:07:22.052577 IP 10.72.0.2.55843 > purview..2095: UDP, length 1372
19:07:23.052569 IP 10.72.0.2.55843 > purview..2095: UDP, length 1368
19:07:24.052552 IP 10.72.0.2.55843 > purview..2095: UDP, length 1296
19:07:25.052544 IP 10.72.0.2.55843 > purview..2095: UDP, length 1296
19:07:25.052584 IP 10.72.0.2.55843 > purview..2095: UDP, length 1372

tcpdump -i eth1 (show traffic)
tcpdump -i lo udp port 9191 (show traffic)

root@purview:~$ appidctl status** Purview Version 6.3.0.162 **
     process               status restarts    pid                start time
       appid        start/running        0  31622  Mon Oct  5 17:32:52 2015
 appidserver        start/running        0  31618  Mon Oct  5 17:32:52 2015
root@purview:~$
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,328 Points 50k badge 2x thumb
I'd reboot Purview and if it still doesn't work call the GTAC for a remote session.
Photo of Adilson Gal

Adilson Gal, Employee

  • 1,408 Points 1k badge 2x thumb
We have worked with Luis Mendes on this issue and it have found that he will have to setup one of the available physical interfaces (esa0-3) to be used as the source interface for the netflow traffic. The end user has been using the admin interface which we have identified to be the root cause. The Admin interface, we have learned, does not show netflow traffic. 
Photo of aloeffle

aloeffle

  • 980 Points 500 badge 2x thumb
Dear all.

In my setup I receive NetFlow packets, but no application is detected. No Fingerprints do match for WiFi traffic.

My Purview is setup in Network profile 3
eth0 for MGMT
eth1 for mirrored traffic

eth0 10.0.10.22
eth1 /gre1 10.0.11.23

My question is, which ip address do I need to configure at  the controller in > VNS > Global > Netflow/Mirror N?  10.0.10.22 or 10.0.11.23?

You need to know that we also have some S-Serie devices which use GRE to forward mirrored traffic to that PV-Engine.

BTW: Controller Management Traffic is mapped to esa0 as "AG ^^" mentioned.

Thanks and best regards
Alex
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,328 Points 50k badge 2x thumb
"My question is, which ip address do I need to configure at  the controller in > VNS > Global > Netflow/Mirror N?  10.0.10.22 or 10.0.11.23?"

You need to configure the mgmt address = 10.0.10.22