Information About Application Visibility and Control
Application Visibility and Control (AVC) is a subset of the entire Flexible NetFlow (FNF) package that can provide traffic information. The AVC feature employs a distributed approach that benefits from NBAR running on the access point (AP) or embedded wireless controller, where NBAR runs deep packet inspection (DPI) and reports the results using FNF messages.
AVC enables you to perform real-time analysis and create policies to reduce network congestion, costly network link usage, and infrastructure upgrades. Traffic flows are analyzed and recognized using the NBAR2 engine. The specific flow is marked with the recognized protocol or application. This per-flow information can be used for application visibility using FNF. After the application visibility is established, a user can define control rules with policing mechanisms for a client.
Using AVC rules, you can limit the bandwidth of a particular application for all the clients joined on the WLAN. These bandwidth contracts coexist with per-client downstream rate limiting that takes precedence over the per-application rate limits.
The FNF feature is supported in wireless and relies on NetFlow being enabled on the embedded wireless controller for flex mode.
The behavior of the AVC solution changes based on the wireless deployments. The following sections describe the commonalities and differences in all scenarios:
Flex Mode
- NBAR is enabled on an AP.
- AVC pushes the FNF configuration to the APs.
- Supports context transfer for roaming in AVC-FNF.
- Supports NetFlow exporter.
Prerequisites for Application Visibility and Control
- The access points should be AVC capable.
- For the control part of AVC (QoS) to work, the application visibility feature with FNF has to be configured.
Restrictions for Application Visibility and Control
- Layer 2 roaming is not supported across embedded wireless controllers.
- Multicast traffic is not supported.
- AVC is supported only on the following access points:
  - Cisco Aironet 1800 Series Access Points
  - Cisco Aironet 2700 Series Access Point
  - Cisco Aironet 2800 Series Access Point
  - Cisco Aironet 3700 Series Access Points
  - Cisco Aironet 3800 Series Access Points
  - Cisco Aironet 4800 Series Access Points
- AVC is not supported on Cisco Aironet 702W, 702I (128 M memory), and 1530 Series access points.
- Only the applications that are recognized with App visibility can be used for applying QoS control.
- Data link is not supported for NetFlow fields in AVC.
- You cannot map the same WLAN profile to both the AVC-not-enabled policy profile and the AVC-enabled policy profile.
- NBAR-based QoS policy configuration is allowed at client level and BSSID level, configured on policy profile.
When AVC is enabled, the AVC profile supports only up to 23 rules, which includes the default DSCP rule. The AVC policy is not pushed down to the AP if there are more than 23 rules.
AVC Configuration Overview
To configure AVC, follow these steps:
- Create a flow monitor using the record wireless avc basic command.
- Create a wireless policy profile.
- Apply the flow monitor to the wireless policy profile.
- Create a wireless policy tag.
- Map the WLAN to the policy profile.
- Attach the policy tag to the APs.
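The following is an added example, not part of the original documentation: a Python check over a constructed configuration excerpt laid out along the steps above, which flags any WLAN mapped to both an AVC-enabled and an AVC-not-enabled policy profile (the restriction listed earlier). All names in the excerpt, its command layout, and the rule that a profile is AVC-enabled when it attaches a flow monitor using record wireless avc basic are assumptions.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt; names and command layout are assumptions.
SAMPLE_CONFIG = """\
flow monitor fm-avc
 record wireless avc basic
wireless profile policy pp-avc
 ipv4 flow monitor fm-avc input
 ipv4 flow monitor fm-avc output
wireless profile policy pp-plain
wireless tag policy tag-floor1
 wlan corp-wlan policy pp-avc
 wlan guest-wlan policy pp-plain
wireless tag policy tag-floor2
 wlan corp-wlan policy pp-plain
"""
AVC_RECORD = "record wireless avc basic"
FLOW_RE = re.compile(r"ipv4 flow monitor (\S+) (?:input|output)$")
MAP_RE = re.compile(r"wlan (\S+) policy (\S+)$")

def parse_blocks(config):
    """Map each top-level command to its indented sub-commands."""
    blocks, current = {}, []
    for line in config.splitlines():
        if line.startswith(" "):
            current.append(line.strip())
        elif line.strip() not in ("", "!"):
            current = blocks.setdefault(line.strip(), [])
        else:
            current = []
    return blocks

def audit_avc_mapping(config):
    """Return {wlan: [profiles]} for WLANs mapped to both kinds of profile."""
    blocks = parse_blocks(config)
    monitors = {h.split()[-1] for h, sub in blocks.items()
                if h.startswith("flow monitor ") and AVC_RECORD in sub}
    enabled, mapped = {}, defaultdict(set)
    for head, sub in blocks.items():
        name = head.split()[-1]
        if head.startswith("wireless profile policy "):
            # Assumption: AVC-enabled means an AVC flow monitor is attached.
            used = {m.group(1) for s in sub if (m := FLOW_RE.match(s))}
            enabled[name] = bool(used & monitors)
        elif head.startswith("wireless tag policy "):
            for m in filter(None, map(MAP_RE.match, sub)):
                mapped[m.group(1)].add(m.group(2))
    return {w: sorted(p) for w, p in mapped.items()
            if len({enabled.get(x, False) for x in p}) == 2}
```

On the sample excerpt, corp-wlan is flagged because tag-floor1 maps it to pp-avc while tag-floor2 maps it to pp-plain.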