This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EWC and Purview Analytics don ́t work together...

EWC and Purview Analytics don ́t work together...

info_systemhaus
New Contributor II

‎12-10-2017 09:09 PM

Hello Friends,

after annoying 5 hours test i ́m very frustrated.

I upgraded my lab to EWC V10.41 with the latest purview /Analytics / netsight 8.015

First i did a flat test, EWC ETH0 / Purview ETH0 / SSID for Testing.

All together were in one VLAN, they were terminated on a VMware Host with virtual Nic set to VLAN4095 and the Port on the Switch was PVID and Untagged on VLAN 100 ..

That ́s worked fine Without Problems.

After that i wanted to build up a more Standard and Secure Solution.

EWC ETH 0 and Purview ETH 0 are into the same vlan. ( 101 )

WLAN Traffic is configured as Bridged@EWC (with VLAN Taged 100)

I have configured Netflow in EWC as described into the guides, IP of ETH0 Purview Appliance

Mirror Port : None

But there is no NetFlow Traffic arrive on the ETH0 Interface of Purview Appliance and i dont know why anymore.

I checked this with : tcpdump -i eth0 udp port 2095 on the Pureview appliance.

I can ping from purview eth0 to EWC eth0.

I made a cap file on the eth0 of the EWC an no packet is going into direction of purview.

I made some pings from purview to ewc and again a Network dump with packet capture..and with wirshark i can see the icmp packets coming from Purview and going to purview.

At this time i don ́t know where i can still search for this error....

Perhaps someone of you can read something into the cap file, i will attach this.

The file was recorded as i pinged from ewc eth0 to purview eth0 and reverse.

IP : 192.168.50.4 ( EWC eth0 ) 192.168.50.12 ( Purview eth0)

Some Questions for me:

1. what ist the source Interface of NetFlow Data from EWC, is this ETH0 in every Situation ?

2. which deployment is the right for Integration of an ewc to purview.

As i understand this should be single Interface but Without GRE Tunnel ....

how can i configure this, or do i Need a gre tunnel Between the EWC and the Purview for

using NetFlow Without dedicated L2 Mirror ?

Christian

Dropbox Link to cap file

https://www.dropbox.com/s/wnqwx9g67j9a9gs/mgmt_traffic_dump4.cap?dl=0

if the Standard questions are coming 

- yes NetFlow is activated in Advanced WLAN Services of SSID

- yes Traffic Mirror is activated on the main tab of WLAN Services

- yes Appliaction Visibility is activated on the same tab

- yes traffic mirror is activated into the designated role for this SSID / VNS

0 Kudos
7 REPLIES 7

Ronald_Dvorak
Honored Contributor

‎12-13-2017 12:11 AM

Please disable the controller eth0/admin port (in VM) and replace the IP with a unused IP/subnet just to make sure it's not used.

I had a mirror setup till now (I was too lazy to change it) but now I've disabled/removed the mirror and configured it for IPFIX like this...

https://gtacknowledge.extremenetworks.com/articles/How_To/Configuring-a-Identifi-Wireless-Controller...

From my test you'd skip the controller config completely (screenshot#1) because if you just do the Analytics config (2nd screenshot) everything is done via EMC...

- EMC sets the Analytics IP on the controller
- EMC sets all the WLANs that you checkmark and configures the controller WLANs to "Default Traffic Mirror: enabled both directions"
!!! I've rx an error after I hit apply/save in EMC but still everything was fine !!!

After that one configuration step in Analytics I've rx NetFlow information (tcpdump -i eth0 udp port 2095) BUT I didn;t see anything with tcpdump on the controller... not sure why or whether that is FAD.... but give it a try and run the command on the Analytics instead of the controller (I know you'd like to check whether something is going out but I wasn't able to see packets even it was working).

Here the proof that EMC configured everything = controller audit UI log...

12/13/17 01:54:39NetsightvnswlansWLANS SecureAccess configuration changed:
12/13/17 01:54:39Netsightvnswlans[mirrorn] setting has changed from [0] to [1]
12/13/17 01:54:39Netsightvnswlans[netflow] setting has changed from [0] to [1]
12/13/17 01:54:39NetsightvnsgeneralNetflow MirrorN configuration changed: netflow_export_ip from 0.0.0.0 to 172.24.24.120,

From what I see it looks like that you don't need to set anything on the roles (mirror = disabled).

-Ron
0 Kudos

Bharathiraja__S
Extreme Employee

‎12-12-2017 11:53 PM

Hi ,

Since you have all latest firmware's in your set up,

Could you open a GTAC case because you already very frustrated fixing this issue by yourself.

Thanks,

Suresh.B

0 Kudos

info_systemhaus
New Contributor II

‎12-12-2017 09:29 PM

.. 😞 no ... i´m very frustrated .. the EWC seems to strike against my whishes
i did a "tcpdump -i any -n udp port 2095" on the EWC Shell and no Little packet is passing

Do you know any Rule (predefined) or Setting that could block this NetFlow Generation on EWC ?

I have only one physical topology ..

from this and from every other Interface i can ping the eth0 of purview appliance ..

but the EWC don´t generate any packet of NetFlow .. as it seems.

9b2ca20a9dc3493cabe416ac60018fcc_RackMultipart20171212-67527-vxwipr-P2_inline.png



0 Kudos

Bharathiraja__S
Extreme Employee

‎12-12-2017 01:57 AM

Hi ,

Just wanted to check , is this taken care now ? are you able to complete the set up ?

Thanks,

Suresh.B

0 Kudos
GTM-P2G8KFN