
EWC and Purview Analytics don't work together...


Userlevel 2
Hello Friends,

After an annoying 5 hours of testing I'm very frustrated.

I upgraded my lab to EWC V10.41 with the latest Purview / Analytics / NetSight 8.015

First I did a flat test, EWC ETH0 / Purview ETH0 / SSID for testing.

All together were in one VLAN; they were terminated on a VMware host with the virtual NIC set to VLAN 4095, and the port on the switch was PVID and untagged on VLAN 100.

That worked fine without problems.

After that I wanted to build a more standard and secure solution.

EWC ETH0 and Purview ETH0 are in the same VLAN (101).

WLAN traffic is configured as Bridged@EWC (with VLAN tagged 100).

I have configured NetFlow in EWC as described in the guides, IP of ETH0 Purview Appliance

Mirror Port : None

But no NetFlow traffic arrives on the ETH0 interface of the Purview appliance and I don't know why anymore.

I checked this with: tcpdump -i eth0 udp port 2095 on the Purview appliance.

I can ping from Purview eth0 to EWC eth0.

I made a cap file on the eth0 of the EWC and no packet is going in the direction of Purview.

I made some pings from Purview to EWC and again a network dump with packet capture, and with Wireshark I can see the ICMP packets coming from Purview and going to Purview.

At this time I don't know where else I can search for this error....

Perhaps one of you can read something in the cap file; I will attach it.

The file was recorded as I pinged from EWC eth0 to Purview eth0 and in reverse.

IP : 192.168.50.4 ( EWC eth0 ) 192.168.50.12 ( Purview eth0)

Some questions from me:

1. What is the source interface of NetFlow data from EWC; is this ETH0 in every situation?

2. Which deployment is the right one for integration of an EWC with Purview?

As I understand it, this should be single interface but without GRE tunnel ....

How can I configure this, or do I need a GRE tunnel between the EWC and the Purview for using NetFlow without a dedicated L2 mirror?

Christian

Dropbox Link to cap file

https://www.dropbox.com/s/wnqwx9g67j9a9gs/mgmt_traffic_dump4.cap?dl=0

If the standard questions are coming 🙂

- yes, NetFlow is activated in Advanced WLAN Services of the SSID

- yes, Traffic Mirror is activated on the main tab of WLAN Services

- yes, Application Visibility is activated on the same tab

- yes, traffic mirror is activated in the designated role for this SSID / VNS

7 replies

Userlevel 6
The best practice is: Do not use the Admin interface (out-of-band) (disconnect). Use only one (exactly one) physical topology (you can have as many as you need of B@AP, B@EWC, routed...). The physical topology should be used for NetFlow export. Good luck.
Userlevel 2
Thx.. I will test it, but one question:

How can I definitely check that NetFlow packets will be sent out from the EWC?
Userlevel 6
I am using tcpdump on the EWC...
Userlevel 4
Hi ,

Just wanted to check, is this taken care of now? Are you able to complete the setup?

Thanks,

Suresh.B
Userlevel 2
.. 😞 no ... I'm very frustrated .. the EWC seems to strike against my wishes.
I did a "tcpdump -i any -n udp port 2095" on the EWC shell and not even a little packet is passing.

Do you know any rule (predefined) or setting that could block this NetFlow generation on the EWC?

I have only one physical topology ..

From this and from every other interface I can ping the eth0 of the Purview appliance ..

but the EWC doesn't generate any NetFlow packet .. as it seems.

Userlevel 4
Hi ,

Since you have all the latest firmware in your setup,

could you open a GTAC case, because you are already very frustrated fixing this issue by yourself.

Thanks,

Suresh.B
Userlevel 7
Please disable the controller eth0/admin port (in VM) and replace the IP with an unused IP/subnet just to make sure it's not used.

I had a mirror setup till now (I was too lazy to change it) but now I've disabled/removed the mirror and configured it for IPFIX like this...

https://gtacknowledge.extremenetworks.com/articles/How_To/Configuring-a-Identifi-Wireless-Controller...

From my test you'd skip the controller config completely (screenshot#1) because if you just do the Analytics config (2nd screenshot) everything is done via EMC...

- EMC sets the Analytics IP on the controller
- EMC sets all the WLANs that you checkmark and configures the controller WLANs to "Default Traffic Mirror: enabled both directions"
!!! I've rx an error after I hit apply/save in EMC but still everything was fine !!!

After that one configuration step in Analytics I've rx NetFlow information (tcpdump -i eth0 udp port 2095) BUT I didn't see anything with tcpdump on the controller... not sure why or whether that is FAD.... but give it a try and run the command on the Analytics instead of the controller (I know you'd like to check whether something is going out but I wasn't able to see packets even though it was working).

Here is the proof that EMC configured everything = controller audit UI log...

12/13/17 01:54:39  Netsight  vnswlans  WLANS SecureAccess configuration changed:
12/13/17 01:54:39  Netsight  vnswlans  [mirrorn] setting has changed from [0] to [1]
12/13/17 01:54:39  Netsight  vnswlans  [netflow] setting has changed from [0] to [1]
12/13/17 01:54:39  Netsight  vnsgeneral  Netflow MirrorN configuration changed: netflow_export_ip from 0.0.0.0 to 172.24.24.120,

From what I see it looks like you don't need to set anything on the roles (mirror = disabled).

-Ron
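
Added example (not part of any post in this thread, and not Extreme Networks code): a way to confirm from a saved capture that flow-export datagrams, and not just ICMP, reach the collector port, by decoding the export header of every UDP packet sent to port 2095. It assumes a classic pcap file with Ethernet link type and untagged IPv4 frames (a `tcpdump -i any` capture uses a different link type and is rejected) and that the export is NetFlow v9 or IPFIX; the function names and the sample capture are constructed for illustration.

```python
import struct

EXPORT_PORT = 2095  # UDP port from the thread's tcpdump filters

def export_header(payload):
    """Decode the fixed header of a NetFlow v9 or IPFIX export datagram."""
    if len(payload) < 16:
        return None
    version, second = struct.unpack("!HH", payload[:4])
    if version == 9 and len(payload) >= 20:       # NetFlow v9: 20-byte header
        _, _, seq, source_id = struct.unpack("!IIII", payload[4:20])
        return {"proto": "netflow9", "records": second, "seq": seq, "domain": source_id}
    if version == 10 and second == len(payload):  # IPFIX: length covers whole message
        _, seq, domain = struct.unpack("!III", payload[4:16])
        return {"proto": "ipfix", "length": second, "seq": seq, "domain": domain}
    return None

def exports_in_pcap(data, port=EXPORT_PORT):
    """Return (src, dst, header) per flow export in a classic Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    found, off = [], 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                               # not untagged IPv4/UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        dport, ulen = struct.unpack("!HH", udp[2:6]) if len(udp) >= 8 else (0, 0)
        if dport != port:
            continue                               # not sent to the collector port
        hdr = export_header(udp[8:ulen])           # ulen trims Ethernet padding
        if hdr:
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            found.append((src, dst, hdr))
    return found

def sample_pcap():
    """Constructed capture: one header-only IPFIX message, 192.168.50.4 -> .12."""
    msg = struct.pack("!HHIII", 10, 16, 1513130079, 7, 1)
    udp = struct.pack("!HHHH", 40000, EXPORT_PORT, 8 + len(msg), 0) + msg
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 50, 4]), bytes([192, 168, 50, 12]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

On a real capture, read the file in binary mode and pass its bytes to `exports_in_pcap`; an empty list means no recognisable export datagram to port 2095 was captured on that interface.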
