Basic Troubleshooting - Questions and Answers
Following are the basic questions and answers for troubleshooting wired Application Visibility and Control:
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Question: My IPv6 traffic is not being classified.
Answer: Currently only IPv4 traffic is supported.
Question: My multicast traffic is not being classified.
Answer: Currently only unicast traffic is supported.
Question: I send pings, but I don't see them being classified.
Answer: Only TCP and UDP protocols are supported. Ping uses ICMP, so it is not classified.
Question: Why can't I attach NBAR to an SVI?
Answer: NBAR is only supported on physical interfaces.
Question: I see that most of my traffic is CAPWAP traffic. Why?
Answer: Make sure that you have enabled NBAR on an access port that is not connected to a wireless
access point. All traffic coming from APs will be classified as CAPWAP. Actual classification in this case
happens either on the AP or on the WLC.
Question: In protocol-discovery, I see traffic on only one side. In addition, there is a lot of
unknown traffic.
Answer: This usually indicates that NBAR sees asymmetric traffic: one side of the traffic is classified
on one switch member and the other side on a different member. The recommendation is to attach NBAR
only on access ports where both sides of the traffic are seen. If you have multiple uplinks, you can't attach
NBAR on them because of this issue. A similar issue occurs if you configure NBAR on an interface that is
part of a port channel.
Question: With protocol-discovery, I see an aggregate view of all applications. How can I see traffic
distribution over time?
Answer: The WebUI gives you a view of traffic over time for the last 48 hours.
Question: I can't configure a queue-based egress policy with the match protocol protocol-name command.
Answer: Only shape and set DSCP are supported in a policy with NBAR2-based classifiers. Common
practice is to set DSCP on ingress and perform shaping on egress based on DSCP.
Question: I don't have NBAR2 attached to any interface, but I still see that NBAR2 is activated.
Answer: If you have any class-map with match protocol protocol-name, NBAR will be globally
activated on the switch, but no traffic will be subjected to NBAR classification. This is expected
behavior and it does not consume any resources.
Question: I see some traffic under the default QoS queue. Why?
Answer: For each new flow, it takes a few packets to classify it and install the result in the hardware.
During this time, the classification is 'unknown' and the traffic falls under the default queue.
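The answer on queue-based egress policies recommends marking DSCP on ingress and shaping on egress based on DSCP. The following configuration sketch is an added example, not taken from the guide. The class-map, policy-map and interface names, the protocol (webex-meeting), the DSCP value and the shape rate are all assumptions chosen for illustration.

```cisco
! Constructed example: all names, the protocol, the DSCP value and the rate are assumptions.
!
! Ingress classifier: the only place "match protocol" is used, so NBAR2
! classification is needed only on the access port where this is attached.
class-map match-any AVC-CONF-IN
 match protocol webex-meeting
!
! Ingress policy: "set dscp" is one of the two actions supported with
! NBAR2-based classifiers (the other is shape).
policy-map AVC-MARK-IN
 class AVC-CONF-IN
  set dscp af41
!
! Egress classifier: matches the DSCP marked on ingress, not the protocol,
! so the egress policy does not rely on NBAR2 seeing both sides of a flow.
class-map match-any CONF-DSCP-OUT
 match dscp af41
!
policy-map SHAPE-OUT
 class CONF-DSCP-OUT
  shape average percent 20
!
! Physical access port that sees both directions of the client traffic
! (not an SVI, not a port-channel member, not an AP-facing port).
interface GigabitEthernet1/0/1
 service-policy input AVC-MARK-IN
!
! Uplink: DSCP-based policy only, no "match protocol" here.
interface TenGigabitEthernet1/0/1
 service-policy output SHAPE-OUT
```

As the last answer notes, the first few packets of each new flow are not yet classified, so they leave the ingress port without the af41 marking and are not matched by the egress class.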
Configuring Application Visibility and Control in a Wired Network