Purview Integration Wireless Controller 9.21



Show first post

50 replies

I have deployed PV and EWC in recommended versions, follow the GTAC document how to configure and apparently can not see any traffic on eth0 and eth1 interface of PV. It means no flow and no mirror. Any suggestions what I am doing wrong?Yes it is Virtual Machine. Prom. mode is on. What can be theproblem with the switch?
Userlevel 6
I have deployed PV and EWC in recommended versions, follow the GTAC document how to configure and apparently can not see any traffic on eth0 and eth1 interface of PV. It means no flow and no mirror. Any suggestions what I am doing wrong?It could be, but you would see broadcast and the like. Do you see any traffic on a tcpdump? Just a wide open one? The EWC uses a non standard port to transport netflow, either 2095 or 2075 I believe.
I have deployed PV and EWC in recommended versions, follow the GTAC document how to configure and apparently can not see any traffic on eth0 and eth1 interface of PV. It means no flow and no mirror. Any suggestions what I am doing wrong?On first interface of PV I can see some broadcast, the second one(TAP) is silent...
Userlevel 6
I have deployed PV and EWC in recommended versions, follow the GTAC document how to configure and apparently can not see any traffic on eth0 and eth1 interface of PV. It means no flow and no mirror. Any suggestions what I am doing wrong?do an 'ifconfig -a' a couple of times to see if traffic is coming in.

Also a wide open tcpdump to see if anything is coming in unicast to box.

tcpdump -i eth0
I assume if the box is remotely managed the answer is yes.
If nothing on eth1, maybe the mirror interface is not eth1?
Userlevel 5
Hi,

How should I proceed with troubleshooting when PV gets NetFlow reports (I can see them via tcpdump from both EWCs that create H/A pair) but it doesn't get MirrorN via L2 port?

I've set eth1 and eth2 in PV for mirror, as one is for the LAN, and another is for EWCs. Then I put the eth in a separate vSwitch (promisc accept) with one 4095 VID port group (promisc accept), where also mirror ports of both EWCs are inserted.

I am concerned about output of OneView->Applications->Configuration->Purview Appliances->purview->Status->Diagnostics->Configuration Verification:
--------------------------------------------------
Process appid is running at pid 7927
Process appidserver is running at pid 7947
--------------------------------------------------
Checking for traffic on interface eth1
Checking for traffic on interface eth2
Checking for Netflow records on interface eth0..
Checking for Netflow records on interface eth1..
Checking for IPFIX records on loopback interface..
--------------------------------------------------
Waiting for captures to complete..
Mirror appears to be setup correctly on eth1.
Mirror appears to be setup correctly on eth2.
NOTE - Netflow does not appear to be setup to send to this host correctly. <<<
IPFIX appears to be setup correctly.
--------------------------------------------------

If needed I can share with all the details of steps I've made to configure PV/EWC.

Regards,
Tomasz

EDIT: Tcpdumping the esa1 at EWC doesn't show anything.
I am testing using mobile playing Youtube movies, with B@AP topology.
The issue with EWC and Purview was connected withsize of EWC virtual machine resources. If I had EWC with small amount of resources => EWC Small, EWC did not send any data to Purview (Netflow). When I have changed size of controller to Medium everything was OK and Purview started to work fine.
Userlevel 7
The issue with EWC and Purview was connected withsize of EWC virtual machine resources. If I had EWC with small amount of resources => EWC Small, EWC did not send any data to Purview (Netflow). When I have changed size of controller to Medium everything was OK and Purview started to work fine.Reference: https://gtacknowledge.extremenetworks.com/articles/Solution/Netflow-is-not-being-sent-to-the-PurView...
Userlevel 2
Yes... but i Have 2 c5210. And purview see the traffic but dont populate
Userlevel 6
Yes... but i Have 2 c5210. And purview see the traffic but dont populate Luis, Please be specific, if your doing a tcpdump on eth0 for port 2095 do you see data?

This is needed to see the flows. To get the response times, the eth1 port is typically used to calculate that, and you need to see two-way responses there as well.
So I would show a little of what you see on each port if possible. be mindful that public IPS might be visible on any display of eth1 mirrored traffic.
Userlevel 2
Yes... but i Have 2 c5210. And purview see the traffic but dont populate Yes...
See traffic... This machine is possible to connect with remote access. I have 2 months to demonstrate this solution. On my lab connects and works fine. But on customer not. If you or any engineer have a time to connect and see what is going on.
Collector dont populate.



Userlevel 6
Yes... but i Have 2 c5210. And purview see the traffic but dont populate Are you just not seeing application flows? Looks like both ports are seeing data.
If so, try a different browser.

We can certainly do a remote assist if you open a case with the GTAC
Instructions below.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-contact-Extreme-Networks-Global-Tec...
Userlevel 2
Yes... but i Have 2 c5210. And purview see the traffic but dont populate I have a case open... 2 months and all questions. all that was asked me I said , I sent screenshots I only requested a remote access someone who has already run the purview with wireless. I have 3 customers who are interested but want to see the working solution
Userlevel 4
Yes... but i Have 2 c5210. And purview see the traffic but dont populate Hi Luis, please call us at the GTAC 0800-76-25397 at your earliest convenience for us to work on this issue. Thank you and have a great weekend.
Userlevel 4
Yes... but i Have 2 c5210. And purview see the traffic but dont populate We have worked with Luis Mendes via remote session and we believe we have identified the root cause. The Admin interface cannot be used as the source interface for netflow traffic. We have suggested to have the admin interface disabled and configure one of the available physical interfaces (esa0-3) for management of the controller and to be used as the source for the netflow traffic.
Userlevel 4
Yes... but i Have 2 c5210. And purview see the traffic but dont populate See article https://gtacknowledge.extremenetworks.com/articles/Solution/Wireless-Appliance-does-not-forward-Netf....
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas?
Userlevel 6
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? Purview will not be able to work with one interface.
It will need a eth0 and a eth1. And the ESA1 on wireless VM will need to attach to the ETH1 on the purview appliance. The wireless controllers do not support GRE interfaces, which is needed to run only one interface on the Purview appliance.
If in a purely VM environment, the ESA1 port and ETH1 ports will both need to be in a separate VSWITCH, in permiscous mode on both interfaces. Some unlicensed versions of VMWare do not support this.
This may not at all have been your issue from the controller side, but your topology does not sounds correct.
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? Thanks Mike! I created a seperate vSwitch and assigned eth1 and esa1 to the port group purview is running perfectly! Great thread thanks for the quick responce.

Userlevel 6
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? Welcome to the Hub Community David. Really great to have you join us!
Userlevel 6
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? How would I set up the vSwitch when I have two EWC VMs on different hosts in different server rooms?
Userlevel 6
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? James, I am not a VMware design expert - but the ESA port would need to be sent out a specific VLAN, probably tagged in this case, so it can get to the other sides Purview appliance VM Eth1 port. The wireless controller cannot do a Gre tunnel like the PV-FC-180 and S-Series so you will need to work around that.
Others here may have more experience in the actual configuration from a Vswitch end.
Userlevel 1
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? Just bumping this thread.

We have two EWCs, each on different hosts, running active/active, and I'm trying to figure out how to setup one Extreme Analytics (Purview) VM, where both controllers will forward their Netflow? We aren't licensed to use Vmware's distributed switch so we have to use standard switch. Has anyone done this before? or would it be best to setup a Analytics VM on each of VM hosts where my EWC sits, as EWC esa1 and Analytics eth1, need to sit on the same Standard vSwitch.
Userlevel 6
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? Peter: Multiple Purview VMs seems like a good idea, I'll give that a shot next week.
Userlevel 1
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? Hi James. So far I implemented this yesterday, and it seems to be working. We have a vmware essentials plus license, so we can't use" distributed virtual switch". But if you have the license one above that, which I think is vmware enterprise, then you should be able to use one purview vm, and have a distributed virtual switch spanning across multiple vm hosts, for the EMC esa1 and purview etgh1 to plug into. If I remember correctly, I think this distributed virtual switch needs to be set to mirroring. This is all from what I've read, and unfortunately I can't confirm as I don't have the license.

From what I've done:
VM Host 1
-EMC1
-Analytics Purview 1 VM
-Standard Switch in promiscuous mode, using dedicated L2 port connected to our switch (EMC1 esa1, and Purview1 eth1 connected to this virtual switch)
-On our switch, I created a vlan, "analytics" to isolate traffic on this standard switch

VM Host 2
-EMC2
-Analytics Purview 2 VM
-Standard Switch in promiscuous mode (EMC2 esa1, and Purview2 eth1 connected to this virtual switch)
-On our switch, I created a vlan, "analytics2" to isolate traffic on this standard switch

On EMC1
-have netflow forward to Purview1

On EMC2
-have netflow forward to Purview 2

If you have any questions, let me know.
Userlevel 6
Hello all, as soon as i enable the netflow mirror L2 port (esa1) to the purview appliance all of the wireless traffic stops. all clients are still connected to the AP's but are not able to pass traffic. NMS,NAC,Purview & WLC are virtual.. Purview configured with option 1, single interface. Any ideas? Hi Peter,

While we do have Enterprise Plus vSphere, but switching to a distributed virtual switch is a big config change, so I went with the config you have above (although I assume you mean EWC not EMC). There's a few things that are covered in comments above, like using VLAN 4095 to get all data, but one thing that isn't is that you can't use the EMC to configure Wireless Controller Flow Sources, as it'll try to add both controllers of the HA pair to one capture appliance, which is exactly what you don't want. Instead, set them up manually in each EWC, and then they show up in EMC later. I also set up a DRS rule to keep the EWC and Purview VMs on the same host.

One thing I learnt while researching VMware dvSwitching is it supports Encapsulated Remote Mirroring (L3) which is a GRE port mirror. So it's conceivable that you could set that up and point it at the purview VM like you would with a CoreFlow2 GRE source. Also, now I realise I can capture normal traffic from my S4 to wireshark on my desktop.

Reply