• IPv6 packet classification is not supported.
• Only IPv4 unicast(TCP/UDP) is supported.
• Web UI: You can configure application visibility and perform application monitoring from the Web UI.
Application Control can only be done using the CLI. It is not supported on the Web UI.
To manage and check wired AVC traffic on the Web UI, you must first configure ip http authentication
local and ip nbar http-service commands using the CLI.
• NBAR and ACL logging cannot be configured together on the same switch.
• Protocol-discovery, application-based QoS, and wired AVC FNF cannot be configured together at the
same time on the same interface with the non-application-based FNF. However, these wired AVC features
can be configured with each other. For example, protocol-discovery, application-based QoS and wired
AVC FNF can be configured together on the same interface at the same time.
• Starting with Cisco IOS XE Fuji 16.9.1, up to two wired AVC monitors each with a different predefined
record can be attached to an interface at the same time.
• Two new directional flow records - ingress and egress - have been introduced in Cisco IOS XE Fuji
16.9.1, in addition to the two existing legacy flow records.
• Attachment should be done only on physical Layer 2 and Layer 3 ports, and these ports cannot be part
of a port channel. Attachment to trunk ports are not supported.
• Performance: Each switch member is able to handle 2000 connections per second (CPS) at less than 50%
CPU utilization.
• Scale: Able to handle up to 20,000 bi-directional flows per 48 access ports and 10,000 bi-directional
flows per 24 access ports. (~200 flows per access port).
• Wired AVC allows only the fixed set of fields listed in the procedures of this chapter. Other combinations
are not allowed. For a regular FNF flow monitor, other combinations are allowed (for the list of supported
FNF fields, refer the "Configuring Flexible NetFlow" chapter of the Network Management Configuration
Guide).
• Starting with Cisco IOS XE 16.12.1 release, a new flow record has been included - the DNS flow record.
The DNS flow record is similar to the 5-tuple record and includes the DNS domain name field. It accounts
only for DNS related fields. This record doesn't have the interface field as a match filed, so the information
from all interfaces is aggregated into the same record.
How to Configure Application Visibility and Control
Configuring Application Visibility and Control in a Wired Network
To configure application visibility and control on wired ports, follow these steps:
Configuring Visibility :
• Activate NBAR2 engine by enabling protocol-discovery on the interface using the ip nbar
protocol-disco very command in the interface configuration mode. See Enabling Application Recognition
on an interface, on page 125 .
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
124
Configuring Application Visibility and Control in a Wired Network
How to Configure Application Visibility and Control
To Next Page
Loading...
Need help?
General