Starting with the WLC 7.5.x release, you can update the NBAR2 protocol packs independently of the controller software. Protocol packs are software packages that update signature support without replacing the image on the controller. You can load protocol packs dynamically when new protocol support is added. There are two kinds of protocol packs, major and minor:
• Major protocol packs include support for new protocols, updates and bug fixes.
• Minor protocol packs typically do not include support for new protocols.
• Protocol packs are targeted to specific platform types, software versions and releases separately.
Protocol packs can be downloaded from CCO using the software type “NBAR2 Protocol Pack”.
The link below provides information about the available NBAR2 protocol packs for supported platforms:
http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
This link provides information specific to protocol pack 4.1.1:
http://www.cisco.com/en/US/docs/wireless/controller/nbar2_prot_pack/4.1.1/b_nbar2_prot_pack_411_chapter_01.html
NBAR2 Protocol Pack 4.1.1 is supported on the following Cisco Wireless LAN Controller platforms:
1. Cisco 5508 Wireless Controller
2. Cisco Flex 7500 Series Wireless Controllers
3. Cisco 8510 Wireless Controller
4. Cisco Wireless Services Module 2 (WiSM2)
**** The Cisco 2504 Wireless Controller supports Application Visibility and Control, but does not support protocol packs ****
Protocol packs are released with specific NBAR engine versions. For example, WLC 7.5 has NBAR engine 13. The protocol pack file “pp-AIR-7.5-13-4.1.1.pack” (format: pp-AIR-{release}-{engine version}-M.m.r.pack) is found in the same download location as the controller code version 7.5.
You can verify the AVC engine version and the protocol pack version of your controller as shown below:
(BUN-PW00-WC01) >show avc engine version
AVC Engine Version: 13
(BUN-PW00-WC01) >show avc ?
profile
protocol-pack
(BUN-PW00-WC01) >show avc protocol-pack ?
version Display AVC Protocol-Pack Version information.
(BUN-PW00-WC01) >show avc protocol-pack version
AVC Protocol Pack Name: Advanced Protocol Pack
AVC Protocol Pack Version: 1.0
You can download a protocol pack to the WLC like a normal file transfer, via FTP or TFTP. I have used the TFTP method here. The datatype must be set to “avc-protocol-pack”, as shown below.
(BUN-PW00-WC01) >transfer download mode tftp
(BUN-PW00-WC01) >transfer download datatype avc-protocol-pack
(BUN-PW00-WC01) >transfer download path .
(BUN-PW00-WC01) >transfer download serverip x.x.13.2
(BUN-PW00-WC01) >transfer download filename pp-AIR-7.5-13-4.1.1.pack
(BUN-PW00-WC01) >transfer download start
Mode............................................. TFTP
Data Type........................................ AVC Protocol Pack
TFTP Server IP................................... 131.172.13.2
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ ./
TFTP Filename.................................... pp-AIR-7.5-13-4.1.1.pack
Starting tranfer of AVC Protocol Pack
This may take some time.
Are you sure you want to start? (y/N) y
TFTP AVC Protocol Pack transfer starting.
TFTP receive complete... Loading Protocol Pack.
AVC Protocol Pack installed.
Once the installation is complete, you can verify the AVC protocol pack status using the same two commands as before, as shown below.
(BUN-PW00-WC01) >show avc protocol-pack version
AVC Protocol Pack Name: Advanced Protocol Pack
AVC Protocol Pack Version: 4.10001
(BUN-PW00-WC01) >show avc engine version
AVC Engine Version: 13
**** If you are using WLC 7.6.x code, then the latest AVC protocol pack is “pp-AIR-7.6-13-6.3.0.pack”. You need to use this if your WLC is running a 7.6.x software release ****
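A pre-transfer check of a pack file name against the controller, following the naming format and the engine/release matching described above. This is an added example, not code from the original post or from Cisco; the function names and the sample software version "7.5.102.0" are assumptions made for illustration.

```python
import re

# Filename layout given on this page: pp-AIR-{release}-{engine version}-M.m.r.pack
PACK_RE = re.compile(
    r"^pp-AIR-(?P<release>\d+\.\d+)-(?P<engine>\d+)-"
    r"(?P<version>\d+\.\d+\.\d+)\.pack$"
)
ENGINE_RE = re.compile(r"AVC Engine Version:\s*(\d+)")


def parse_pack_name(filename):
    """Return (release, engine, pack_version) or None if the name is malformed."""
    m = PACK_RE.match(filename)
    if m is None:
        return None
    return m.group("release"), int(m.group("engine")), m.group("version")


def engine_from_cli(output):
    """Extract the engine number from 'show avc engine version' output."""
    m = ENGINE_RE.search(output)
    return int(m.group(1)) if m else None


def check_pack(filename, engine_output, wlc_software):
    """List the reasons a pack should not be transferred (empty list = OK)."""
    parsed = parse_pack_name(filename)
    if parsed is None:
        return ["file name does not match pp-AIR-{release}-{engine}-M.m.r.pack"]
    release, engine, _ = parsed
    problems = []
    running = engine_from_cli(engine_output)
    if running is None:
        problems.append("engine version not found in CLI output")
    elif running != engine:
        problems.append(f"pack built for engine {engine}, controller runs {running}")
    # Compare only major.minor: a 7.5 pack belongs on 7.5.x code, 7.6 on 7.6.x.
    if ".".join(wlc_software.split(".")[:2]) != release:
        problems.append(f"pack built for {release}, controller runs {wlc_software}")
    return problems


if __name__ == "__main__":
    # Constructed input: engine line as shown on this page, software version assumed.
    cli = "(BUN-PW00-WC01) >show avc engine version\nAVC Engine Version: 13"
    for name in ("pp-AIR-7.5-13-4.1.1.pack", "pp-AIR-7.6-13-6.3.0.pack"):
        print(name, check_pack(name, cli, "7.5.102.0") or "OK")
```

Running the check before `transfer download start` catches a pack built for a different release or engine while the file is still on the TFTP server.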
When configuring AVC (specifically to re-classify traffic), it is important to understand the interaction with QoS for the given WLAN. The NBAR2 functionality is based on the DSCP setting. The following occurs to the packets in the upstream and downstream directions if AVC and QoS are configured on the same WLAN:
Upstream
1. Packet comes with or without inner DSCP from wireless side (wireless client).
2. AP will add DSCP in the CAPWAP header that is configured on WLAN (QoS based config).
3. WLC will remove CAPWAP header.
4. AVC module on the controller will overwrite the DSCP to the configured marked value in the AVC profile and send it out.
Downstream
1. Packet comes from switch with or without inner DSCP wired side value.
2. AVC module will overwrite the inner DSCP value.
3. Controller will compare WLAN QoS configuration (as per 802.1p value that is actually 802.11e) with inner DSCP value that NBAR had overwritten. WLC will choose the lesser value and put it into CAPWAP header for DSCP.
4. WLC will send out the packet to AP with QoS WLAN setting on the outer CAPWAP and AVC inner DSCP setting.
5. AP strips the CAPWAP header and sends the packet on air with AVC DSCP setting; if AVC was not applied to an application then that application will adopt the QoS setting of the WLAN.
Here is the link for the protocol list supported by NBAR2, for your reference:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
