CISCO DNA Traffic Telemetry Appliance Instructions

June 13, 2024
Cisco


CISCO DNA Traffic Telemetry Appliance


Product Information

  • The Cisco DNA Traffic Telemetry Appliance is designed to operate with Cisco DNA Center. It supports seven monitoring interfaces and one telemetry interface. The monitoring interfaces receive traffic
    from a switch or router through ERSPAN mirroring. The appliance sends the traffic to Network-Based Application Recognition (NBAR) for analysis and produces the NetFlow telemetry stream for DNA Center.

  • Figure 1 shows the topology for ERSPAN decapsulation on the Cisco DNA Traffic Telemetry Appliance.

Product Usage Instructions

Configure the Network
To configure the network, follow these steps:

  • Example Configuration of Organization’s Aggregation Switch:
    • switch(config)#monitor session 1 source vlan 10 , 20 , 30 both
    • switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/19
  • To verify the configuration:
    • switch(config)#do show run | inc monitor

Configure the Encapsulated Remote Switching Port Analyzer

  • To configure the Encapsulated Remote Switching Port Analyzer, use the following commands:
    • Configure an ERSPAN Source Session:
      • interface GigabitEthernet1/0/1
        • ip address 100.0.0.1 255.255.255.0
        • media-type rj45
        • negotiation auto
        • cdp enable
      • monitor session 2 type erspan-source
        • source interface Gi1/0/0
        • destination
          • erspan-id 100
          • mtu 2000
          • ip address 100.0.0.2
          • ipv6 dscp 0
          • ipv6 ttl 0
          • origin ip address 100.0.0.1
    • Configure an ERSPAN Destination Session:
      • interface GigabitEthernet0/0/2
        • ip address 100.0.0.2 255.255.255.0
        • negotiation auto
        • cdp enable
      • interface Loopback0
        • ip address 9.9.9.6 255.255.255.255
        • ipv6 address 9::6/128
      • interface Loopback1
        • ip address 33.33.33.33 255.255.255.0
      • interface Tunnel1003
        • no ip address
        • ip nbar protocol-discovery ipv4
        • cdp enable
        • tunnel source Loopback0
        • tunnel destination 33.33.33.33
      • monitor session 1 type erspan-destination
        • destination interface Tu1003
        • source
          • erspan-id 100
          • ip address 100.0.0.2

Verify Commands and Debug Commands

  • To troubleshoot and verify your configuration, use the verify and debug commands listed later in this document.

Cisco DNA Traffic Telemetry Appliance Connections

  • When using the Cisco DNA Traffic Telemetry Appliance, make the connections described later in this document.

Operating with Cisco DNA Center
This chapter describes how the Cisco DNA Traffic Telemetry Appliance operates with Cisco DNA Center and how to connect the network to the appliance.

  • Configure the Network
  • Configure the Encapsulated Remote Switching Port Analyzer
  • Cisco DNA Traffic Telemetry Appliance Connections
  • Configure Cisco DNA Traffic Telemetry Appliance Network Settings

Configure the Network

Configure a Span of L2 Traffic

  • On the organization’s network, configure a Layer 2 (L2) aggregation switch, or similar, to span a stream of the L2 traffic to the Cisco DNA Traffic Telemetry Appliance. This must be a distribution layer switch (based on a three-layer networking model of access layer, distribution layer, core layer) in order to include traffic and devices from all segments of the access layer.
  • The Cisco DNA Traffic Telemetry Appliance uses the span for traffic analysis and device discovery. When configuring the span, include all desired VLANs. For example, you might choose to include all VLANs for the organization’s operational traffic, while excluding traffic from a VLAN used for a testing lab. Alternatively, you might include all VLANs.

Example Configuration of Organization’s Aggregation Switch

  • This example, executed on a Cisco switch, configures a span of traffic for VLANs 10, 20, and 30, on gigabitEthernet port 19.
  • switch(config)#monitor session 1 source vlan 10 , 20 , 30 both
  • switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/19

To verify:

  • switch(config)#do show run | inc monitor
  • monitor session 1 source vlan 10 , 20 , 30
  • monitor session 1 destination interface Gi1/0/19

Configure the Encapsulated Remote Switching Port Analyzer

  • The Cisco DNA Traffic Telemetry Appliance supports the Encapsulated Remote Switching Port Analyzer (ERSPAN) feature on both source and destination ports. The ERSPAN transports mirrored traffic over an IP network. The traffic is encapsulated at the source router and transferred across the network. The packet is decapsulated at the destination router and then sent to the destination interface. The ERSPAN consists of an ERSPAN source session, routable ERSPAN Generic Routing Encapsulation (GRE) traffic, and an ERSPAN destination session. You can configure the network devices to mirror traffic on specific ports or VLANs and send the traffic to the telemetry sensor for deep packet inspection (DPI). The telemetry sensor receives and processes the data from a port that is configured as ERSPAN. The port’s source sessions and destination sessions are on different switches.
  • The Cisco DNA Traffic Telemetry Appliance supports seven monitoring interfaces and one telemetry interface. The monitoring interfaces receive traffic from a switch or router through ERSPAN mirroring. The Cisco DNA Traffic Telemetry Appliance sends the traffic to Network-Based Application Recognition (NBAR) to analyze and produce the NetFlow telemetry stream for DNA Center.

Figure 1: Topology for ERSPAN Decapsulation on Cisco DNA Traffic Telemetry Appliance


You can configure the monitoring interface with an IPv4 address. This interface acts as an ERSPAN decapsulation interface and terminates the ERSPAN traffic and removes the ERSPAN header. After removing the IPv4 address, the traffic is sent to the next available monitoring interface or tunnel. This interface acts as an ERSPAN destination interface and analyzes the original traffic through NBAR.
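
The decapsulation step described above, as an added Python example that is not part of the Cisco manual. It assumes ERSPAN Type II framing (GRE protocol type 0x88BE), which the page does not specify, and input that starts at the GRE header; `build_erspan`, `decap_erspan` and the sample frame are constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN_II = 0x88BE   # GRE protocol type carried by ERSPAN Type II

def build_erspan(inner, session_id, seq=1, vlan=0):
    """Construct GRE + ERSPAN Type II around a mirrored frame (sample input)."""
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN_II, seq)   # S bit set
    word1 = (1 << 28) | (vlan << 16) | (session_id & 0x3FF)       # version 1
    return gre + struct.pack("!II", word1, 0) + inner

def decap_erspan(pkt, expected_id):
    """Validate and strip GRE + ERSPAN headers; return (fields, inner frame).

    pkt starts at the GRE header (outer IPv4 header already removed).
    """
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", pkt)
    if flags & 0x0007 or proto != GRE_PROTO_ERSPAN_II:
        raise ValueError("not GRE version 0 carrying ERSPAN Type II")
    off, seq = 4, None
    off += 4 if flags & 0x8000 else 0            # optional checksum word
    off += 4 if flags & 0x2000 else 0            # optional key word
    if flags & 0x1000:                           # sequence number present
        if len(pkt) < off + 4:
            raise ValueError("truncated GRE sequence number")
        (seq,) = struct.unpack_from("!I", pkt, off)
        off += 4
    if len(pkt) < off + 8:
        raise ValueError("truncated ERSPAN header")
    word1, word2 = struct.unpack_from("!II", pkt, off)
    fields = {"version": word1 >> 28, "vlan": (word1 >> 16) & 0xFFF,
              "session_id": word1 & 0x3FF, "index": word2 & 0xFFFFF, "seq": seq}
    if fields["version"] != 1:
        raise ValueError("unexpected ERSPAN version")
    if fields["session_id"] != expected_id:
        raise ValueError("ERSPAN session ID does not match configured erspan-id")
    return fields, pkt[off + 8:]

# Constructed sample: a 14-byte Ethernet header plus payload, mirrored with erspan-id 100.
INNER = bytes.fromhex("ffffffffffff0200000000010800") + b"payload"
FIELDS, FRAME = decap_erspan(build_erspan(INNER, 100, seq=7, vlan=10), 100)
```

A collector that checks the session ID and every length before slicing drops mirrored traffic from an unexpected session instead of handing it to analysis.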

Use the following commands to configure the ERSPAN destination interface:

  • ip nbar protocol-discovery
  • ip flow monitor
  • performance monitor

Configure an ERSPAN Source Session

  • This example shows how to configure an ERSPAN source session:
  • interface GigabitEthernet1/0/1
    • ip address 100.0.0.1 255.255.255.0
    • media-type rj45
    • negotiation auto
    • cdp enable
  • monitor session 2 type erspan-source
    • source interface Gi1/0/0
    • destination
      • erspan-id 100
      • mtu 2000
      • ip address 100.0.0.2
      • ipv6 dscp 0
      • ipv6 ttl 0
      • origin ip address 100.0.0.1

Configure an ERSPAN Destination Session

  • This example shows how to configure an ERSPAN destination session:
  • interface GigabitEthernet0/0/2
    • ip address 100.0.0.2 255.255.255.0
    • negotiation auto
    • cdp enable
  • interface Loopback0
    • ip address 9.9.9.6 255.255.255.255
    • ipv6 address 9::6/128
  • interface Loopback1
    • ip address 33.33.33.33 255.255.255.0
  • interface Tunnel1003
    • no ip address
    • ip nbar protocol-discovery ipv4
    • cdp enable
    • tunnel source Loopback0
    • tunnel destination 33.33.33.33
  • monitor session 1 type erspan-destination
    • destination interface Tu1003
    • source
      • erspan-id 100
      • ip address 100.0.0.2
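
An added check, not from the Cisco manual, that the two example sessions above agree: the same erspan-id and the same ERSPAN ip address on both sides, with that address present on a destination-device interface. `parse` and `pairing_problems` are hypothetical helpers; the configuration text is an excerpt of the page's example values laid out with IOS indentation.

```python
import re

# Excerpts of the page's two example sessions, indented the way IOS shows them.
SOURCE_CFG = """\
monitor session 2 type erspan-source
 source interface Gi1/0/0
 destination
  erspan-id 100
  ip address 100.0.0.2
  origin ip address 100.0.0.1
"""
DEST_CFG = """\
interface GigabitEthernet0/0/2
 ip address 100.0.0.2 255.255.255.0
monitor session 1 type erspan-destination
 destination interface Tu1003
 source
  erspan-id 100
  ip address 100.0.0.2
"""

def parse(config):
    """Return (ERSPAN session settings keyed by role, interface IPv4 addresses)."""
    sessions, iface_ips, cur = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):                  # a new top-level block starts
            m = re.match(r"monitor session \d+ type erspan-(source|destination)$", line)
            cur = sessions.setdefault(m.group(1), {}) if m else None
        elif cur is None:                            # inside a non-session block
            if m := re.match(r"ip address (\S+) \S+$", line):
                iface_ips.add(m.group(1))
        elif m := re.match(r"erspan-id (\d+)$", line):
            cur["erspan_id"] = int(m.group(1))
        elif m := re.match(r"ip address (\S+)$", line):   # not "origin ip address"
            cur["ip"] = m.group(1)
    return sessions, iface_ips

def pairing_problems(source_cfg, dest_cfg):   # returns a list of mismatch descriptions
    src = parse(source_cfg)[0].get("source")
    sessions, dest_ips = parse(dest_cfg)
    dst = sessions.get("destination")
    if not src or not dst:
        return ["erspan-source or erspan-destination session not found"]
    checks = [
        (src.get("erspan_id") == dst.get("erspan_id"), "erspan-id differs between the sessions"),
        (src.get("ip") == dst.get("ip"), "ERSPAN ip address differs between the sessions"),
        (dst.get("ip") in dest_ips, "ERSPAN ip address is not on a destination-device interface"),
    ]
    return [msg for ok, msg in checks if not ok]
```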

Verify Commands and Debug Commands

Use the following commands to troubleshoot and verify your configuration:

  • show cdp neighbors
  • show udp neighbors
  • debug platform hardware qfp active feature erspan datapath all
  • debug platform hardware qfp active feature erspan client all
  • set platform software trace forwarding-manager f0 erspan debug
  • set platform software trace forwarding-manager r0 erspan debug
  • show platform hardware qfp active feature erspan session <1-1024>

Cisco DNA Traffic Telemetry Appliance Connections

This section describes the connections to make when using a Cisco DNA Traffic Telemetry Appliance.

Option 1: Organization’s Aggregation Switch Has 10GE Port Available

Cisco DNA Traffic Telemetry Appliance Port| Interface| Connection
---|---|---
TE0 or TE1| Te0/0/0 or Te0/0/1| Organization’s aggregation switch, 10GE port: Span connection (for traffic analysis and device discovery)
GE5| Gi0/0/5| Management network

Note: 10 Gigabit Ethernet (10GE) ports are commonly labeled TE.

Option 2: Organization’s Aggregation Switch Has 1GE Ports Only

Cisco DNA Traffic Telemetry Appliance Port| Interface| Connection
---|---|---
Any one of: GE0 to GE4| Gi0/0/0 to Gi0/0/4| Organization’s aggregation switch, GE port: Span connection (for traffic analysis and device discovery)
GE5| Gi0/0/5| Management network


Configure Cisco DNA Traffic Telemetry Appliance Network Settings

  • Network settings include:
    • Cisco DNA Traffic Telemetry Appliance interface
    • Default route
  1. Connect the network port to reach Cisco DNA Center and configure the IP address on the appliance.
    Example:
    • #show run int gigabitEthernet 0/0/5
    • interface GigabitEthernet0/0/5
      • description * Management Interface ****
      • ip address 10.33.100.13 255.255.255.0
      • negotiation auto
      • cdp enable
    • end

  2. (Optional) Configure the loopback IP address.
    Example:
    • interface Loopback0
      • ip address 10.33.33.26 255.255.255.255

  3. Configure the credentials and enable the password, SSH, and NETCONF.
    Example:
    • hostname
    • username dna privilege 15 algorithm-type scrypt secret
    • enable secret
    • service password-encryption
    • ip domain name dnasolutions.com
    • ip ssh version 2
    • line vty 0 15
      • login local
      • transport input ssh
      • transport preferred none
    • ip ssh source-interface loopback0
    • aaa new-model
    • aaa authentication login default local
    • aaa authorization exec default local
    • netconf-yang

  4. Configure the default route.
    Example:
    • ip route 0.0.0.0 0.0.0.0 10.33.100.1

  5. In a wireless environment, for wireless traffic monitoring, configure NBAR support for CAPWAP:
    • conf t
    • ip nbar classification tunneled-traffic capwap
