This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EWC and Purview Analytics don ́t work together...

EWC and Purview Analytics don ́t work together...

info_systemhaus
New Contributor II

‎12-10-2017 09:09 PM

Hello Friends,

after annoying 5 hours test i ́m very frustrated.

I upgraded my lab to EWC V10.41 with the latest purview /Analytics / netsight 8.015

First i did a flat test, EWC ETH0 / Purview ETH0 / SSID for Testing.

All together were in one VLAN, they were terminated on a VMware Host with virtual Nic set to VLAN4095 and the Port on the Switch was PVID and Untagged on VLAN 100 ..

That ́s worked fine Without Problems.

After that i wanted to build up a more Standard and Secure Solution.

EWC ETH 0 and Purview ETH 0 are into the same vlan. ( 101 )

WLAN Traffic is configured as Bridged@EWC (with VLAN Taged 100)

I have configured Netflow in EWC as described into the guides, IP of ETH0 Purview Appliance

Mirror Port : None

But there is no NetFlow Traffic arrive on the ETH0 Interface of Purview Appliance and i dont know why anymore.

I checked this with : tcpdump -i eth0 udp port 2095 on the Pureview appliance.

I can ping from purview eth0 to EWC eth0.

I made a cap file on the eth0 of the EWC an no packet is going into direction of purview.

I made some pings from purview to ewc and again a Network dump with packet capture..and with wirshark i can see the icmp packets coming from Purview and going to purview.

At this time i don ́t know where i can still search for this error....

Perhaps someone of you can read something into the cap file, i will attach this.

The file was recorded as i pinged from ewc eth0 to purview eth0 and reverse.

IP : 192.168.50.4 ( EWC eth0 ) 192.168.50.12 ( Purview eth0)

Some Questions for me:

1. what ist the source Interface of NetFlow Data from EWC, is this ETH0 in every Situation ?

2. which deployment is the right for Integration of an ewc to purview.

As i understand this should be single Interface but Without GRE Tunnel ....

how can i configure this, or do i Need a gre tunnel Between the EWC and the Purview for

using NetFlow Without dedicated L2 Mirror ?

Christian

Dropbox Link to cap file

https://www.dropbox.com/s/wnqwx9g67j9a9gs/mgmt_traffic_dump4.cap?dl=0

if the Standard questions are coming 

- yes NetFlow is activated in Advanced WLAN Services of SSID

- yes Traffic Mirror is activated on the main tab of WLAN Services

- yes Appliaction Visibility is activated on the same tab

- yes traffic mirror is activated into the designated role for this SSID / VNS

0 Kudos
7 REPLIES 7

Zdeněk_Pala
Extreme Employee

‎12-11-2017 10:46 PM

I am using tcpdump on the EWC...
Regards Zdeněk Pala
0 Kudos

info_systemhaus
New Contributor II

‎12-11-2017 06:38 PM

thx.. i will test it, but one question

How can i definitely check that NetFlow packets will sent out from EWC ?

0 Kudos

Zdeněk_Pala
Extreme Employee

‎12-11-2017 06:48 AM

The best practise is: Do not use Admin interface (out-of-band) (disconnect). Use only one (exactly one) physical topology (you can have as many as you need B@AP, B@EWC, routed...) The physical topology should be used for netflow export. Good luck.
Regards Zdeněk Pala
0 Kudos
GTM-P2G8KFN