after annoying 5 hours test i ́m very frustrated.
I upgraded my lab to EWC V10.41 with the latest purview /Analytics / netsight 8.015
First i did a flat test, EWC ETH0 / Purview ETH0 / SSID for Testing.
All together were in one VLAN, they were terminated on a VMware Host with virtual Nic set to VLAN4095 and the Port on the Switch was PVID and Untagged on VLAN 100 ..
That ́s worked fine Without Problems.
After that i wanted to build up a more Standard and Secure Solution.
EWC ETH 0 and Purview ETH 0 are into the same vlan. ( 101 )
WLAN Traffic is configured as Bridged@EWC (with VLAN Taged 100)
I have configured Netflow in EWC as described into the guides, IP of ETH0 Purview Appliance
Mirror Port : None
But there is no NetFlow Traffic arrive on the ETH0 Interface of Purview Appliance and i dont know why anymore.
I checked this with : tcpdump -i eth0 udp port 2095 on the Pureview appliance.
I can ping from purview eth0 to EWC eth0.
I made a cap file on the eth0 of the EWC an no packet is going into direction of purview.
I made some pings from purview to ewc and again a Network dump with packet capture..and with wirshark i can see the icmp packets coming from Purview and going to purview.
At this time i don ́t know where i can still search for this error....
Perhaps someone of you can read something into the cap file, i will attach this.
The file was recorded as i pinged from ewc eth0 to purview eth0 and reverse.
IP : 192.168.50.4 ( EWC eth0 ) 192.168.50.12 ( Purview eth0)
Some Questions for me:
1. what ist the source Interface of NetFlow Data from EWC, is this ETH0 in every Situation ?
2. which deployment is the right for Integration of an ewc to purview.
As i understand this should be single Interface but Without GRE Tunnel ....
how can i configure this, or do i Need a gre tunnel Between the EWC and the Purview for
using NetFlow Without dedicated L2 Mirror ?
Dropbox Link to cap file
if the Standard questions are coming
- yes NetFlow is activated in Advanced WLAN Services of SSID
- yes Traffic Mirror is activated on the main tab of WLAN Services
- yes Appliaction Visibility is activated on the same tab
- yes traffic mirror is activated into the designated role for this SSID / VNS