Purview Colector Wireless


Userlevel 2
Purview colector doesn´t shows de comunication. But the servers receive the mirror of controller


13 replies

Userlevel 7
Hi Luis,

on the controller in > VNS > Global > Netflow
Is the IP of the Purview VM set....



And then enabled on every WLAN service > advanced options



-Ron
Userlevel 2
Ron wrote:

Hi Luis,

on the controller in > VNS > Global > Netflow
Is the IP of the Purview VM set....



And then enabled on every WLAN service > advanced options



-Ron

Ron

This option has checked and controller receive traffic, but not populate with applications
Userlevel 2
Ron wrote:

Hi Luis,

on the controller in > VNS > Global > Netflow
Is the IP of the Purview VM set....



And then enabled on every WLAN service > advanced options



-Ron

And Default traffic mirror enabled
Userlevel 7
Yes, from the screenshot you've provided we'd see that Purview is receiving the mirror data BUT didn't get any Netflow data (as far as I unterstand that output).

What AP models are used ?
Could you ping the Purview IP 172.16.0.136 from the controller ?
Userlevel 2
Ron wrote:

Yes, from the screenshot you've provided we'd see that Purview is receiving the mirror data BUT didn't get any Netflow data (as far as I unterstand that output).

What AP models are used ?
Could you ping the Purview IP 172.16.0.136 from the controller ?

Yes.. All Aps are 3715i
The Netsight have a ip 172.16.0.138
Purview has 172.16.0.136 and Controller has 172.16.0.130

The interface esa1 has connect directly to another port of Purview appliance (eth1) And receive traffic
Userlevel 2
Yes.. All Aps are 3715i
The Netsight have a ip 172.16.0.138
Purview has 172.16.0.136 and Controller has 172.16.0.130

The interface esa1 has connect directly to another port of Purview appliance (eth1) And receive traffic
Userlevel 7
You'd check whether there is any Netflow data from the controller to Purview.
I've got that from here... https://gtacknowledge.extremenetworks.com/articles/Q_A/Wants-somebody-to-review-his-Purview-config-t...
!!! The controller uses port 2095 instead of port 2055 !!!

So to check for Netflow data ssh to Purview.
Do a "ifconfig" to see the interfaces - I assume that you use eth0 for the 172.16.0.138 interface so the command is....

root@purview:/$ tcpdump -i eth0 udp port 2095
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:38:07.681163 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 84
23:38:16.045706 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:16.780486 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:17.194480 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
^C

I've done the command and connected with my WLAN client and opened some webpages to get some Netflow data.

Also please doublecheck if you've configured it like this....
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Identifi-Wireless-Control...
Userlevel 2
Ron wrote:

You'd check whether there is any Netflow data from the controller to Purview.
I've got that from here... https://gtacknowledge.extremenetworks.com/articles/Q_A/Wants-somebody-to-review-his-Purview-config-t...
!!! The controller uses port 2095 instead of port 2055 !!!

So to check for Netflow data ssh to Purview.
Do a "ifconfig" to see the interfaces - I assume that you use eth0 for the 172.16.0.138 interface so the command is....

root@purview:/$ tcpdump -i eth0 udp port 2095
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:38:07.681163 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 84
23:38:16.045706 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:16.780486 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:17.194480 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
^C

I've done the command and connected with my WLAN client and opened some webpages to get some Netflow data.

Also please doublecheck if you've configured it like this....
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Identifi-Wireless-Control...


Ronald

I read the article. I have an lab with V2110 and the same configuration. On my lab purview works fine. But on the customer not populate.

root@purview:~$ tcpdump -i eth0 udp port 2095 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:07:22.052542 IP 10.72.0.2.55843 > purview..2095: UDP, length 1372
19:07:22.052577 IP 10.72.0.2.55843 > purview..2095: UDP, length 1372
19:07:23.052569 IP 10.72.0.2.55843 > purview..2095: UDP, length 1368
19:07:24.052552 IP 10.72.0.2.55843 > purview..2095: UDP, length 1296
19:07:25.052544 IP 10.72.0.2.55843 > purview..2095: UDP, length 1296
19:07:25.052584 IP 10.72.0.2.55843 > purview..2095: UDP, length 1372

tcpdump -i eth1 (show traffic)
tcpdump -i lo udp port 9191 (show traffic)

root@purview:~$ appidctl status** Purview Version 6.3.0.162 **
process status restarts pid start time
appid start/running 0 31622 Mon Oct 5 17:32:52 2015
appidserver start/running 0 31618 Mon Oct 5 17:32:52 2015
root@purview:~$
Userlevel 7
Ron wrote:

You'd check whether there is any Netflow data from the controller to Purview.
I've got that from here... https://gtacknowledge.extremenetworks.com/articles/Q_A/Wants-somebody-to-review-his-Purview-config-t...
!!! The controller uses port 2095 instead of port 2055 !!!

So to check for Netflow data ssh to Purview.
Do a "ifconfig" to see the interfaces - I assume that you use eth0 for the 172.16.0.138 interface so the command is....

root@purview:/$ tcpdump -i eth0 udp port 2095
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:38:07.681163 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 84
23:38:16.045706 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:16.780486 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:17.194480 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
^C

I've done the command and connected with my WLAN client and opened some webpages to get some Netflow data.

Also please doublecheck if you've configured it like this....
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Identifi-Wireless-Control...

I'd reboot Purview and if it still doesn't work call the GTAC for a remote session.
Userlevel 4
Ron wrote:

You'd check whether there is any Netflow data from the controller to Purview.
I've got that from here... https://gtacknowledge.extremenetworks.com/articles/Q_A/Wants-somebody-to-review-his-Purview-config-t...
!!! The controller uses port 2095 instead of port 2055 !!!

So to check for Netflow data ssh to Purview.
Do a "ifconfig" to see the interfaces - I assume that you use eth0 for the 172.16.0.138 interface so the command is....

root@purview:/$ tcpdump -i eth0 udp port 2095
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:38:07.681163 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 84
23:38:16.045706 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:16.780486 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:17.194480 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
^C

I've done the command and connected with my WLAN client and opened some webpages to get some Netflow data.

Also please doublecheck if you've configured it like this....
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Identifi-Wireless-Control...

We have worked with Luis Mendes on this issue and it have found that he will have to setup one of the available physical interfaces (esa0-3) to be used as the source interface for the netflow traffic. The end user has been using the admin interface which we have identified to be the root cause. The Admin interface, we have learned, does not show netflow traffic.
Userlevel 4
Ron wrote:

You'd check whether there is any Netflow data from the controller to Purview.
I've got that from here... https://gtacknowledge.extremenetworks.com/articles/Q_A/Wants-somebody-to-review-his-Purview-config-t...
!!! The controller uses port 2095 instead of port 2055 !!!

So to check for Netflow data ssh to Purview.
Do a "ifconfig" to see the interfaces - I assume that you use eth0 for the 172.16.0.138 interface so the command is....

root@purview:/$ tcpdump -i eth0 udp port 2095
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
23:38:07.681163 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 84
23:38:16.045706 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:16.780486 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
23:38:17.194480 IP 10.12.0.1.2095 > purview.wywlan.com.2095: UDP, length 1450
^C

I've done the command and connected with my WLAN client and opened some webpages to get some Netflow data.

Also please doublecheck if you've configured it like this....
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Identifi-Wireless-Control...

See article https://gtacknowledge.extremenetworks.com/articles/Solution/Wireless-Appliance-does-not-forward-Netflow-traffic-to-Purview-Appliance.
Userlevel 2
Dear all.

In my setup I receive NetFlow packets, but no application is detected. No Fingerprints do match for WiFi traffic.

My Purview is setup in Network profile 3
eth0 for MGMT
eth1 for mirrored traffic

eth0 10.0.10.22
eth1 /gre1 10.0.11.23

My question is, which ip address do I need to configure at the controller in > VNS > Global > Netflow/Mirror N? 10.0.10.22 or 10.0.11.23?

You need to know that we also have some S-Serie devices which use GRE to forward mirrored traffic to that PV-Engine.

BTW: Controller Management Traffic is mapped to esa0 as "AG ^^" mentioned.

Thanks and best regards
Alex
Userlevel 7
"My question is, which ip address do I need to configure at the controller in > VNS > Global > Netflow/Mirror N? 10.0.10.22 or 10.0.11.23?"

You need to configure the mgmt address = 10.0.10.22

Reply