Basic Troubleshooting - Questions And Answers - Cisco Catalyst 9400 System Management Configuration Manual

Basic Troubleshooting - Questions and Answers

dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,2,0,712
64.103.125.97,64.103.101.181,67,4294967305,4,17,layer7
dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,1,0,350
192.168.100.6,10.10.20.1,5060,4294967305,4,17,layer7 cisco-jabber-
control,Input,08:55:46.917,08:55:46.917,Initiator,1,0,2,0,2046
64.103.125.3,64.103.125.29,68,4294967305,4,17,layer7
dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,2,0,712
10.80.101.18,10.80.101.6,5060,4294967305,4,6,layer7 cisco-collab-
control,Input,08:55:46.917,08:55:47.917,Initiator,2,23,27,12752,8773
10.1.11.4,66.102.11.99,80,4294967305,4,6,layer7 google-
services,Input,08:55:46.917,08:55:46.917,Initiator,2,3,5,1733,663
64.103.125.2,64.103.125.97,68,4294967305,4,17,layer7
dhcp,Input,08:55:47.917,08:55:53.917,Initiator,1,0,4,0,1412
64.103.125.29,64.103.101.181,67,4294967305,4,17,layer7
dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,1,0,350
Basic Troubleshooting - Questions and Answers
Following are the basic questions and answers for troubleshooting wired Application Visibility and Control:
1.
2.
3.
4.
5.
6.
7.
System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
218
Question: My IPv6 traffic is not being classified.
Answer: Currently only IPv4 traffic is supported.
Question: My multicast traffic is not being classified
Answer: Currently only unicast traffic is supported
Question: I send ping but I don't see them being classified
Answer: Only TCP/UDP protocols are supported
Question: Why can't I attach NBAR to an SVI?
Answer: NBAR is only supported on physical interfaces.
Question: I see that most of my traffic is CAPWAP traffic, why?
Answer: Make sure that you have enabled NBAR on an access port that is not connected to a wireless
access port. All traffic coming from AP's will be classified as capwap. Actual classification in this case
happens either on the AP or WLC.
Question: In protocol-discovery, I see traffic only on one side. Along with that, there are a lot of
unknown traffic.
Answer: This usually indicates that NBAR sees asymmetric traffic: one side of the traffic is classified
in one switch member and the other on a different member. The recommendation is to attach NBAR
only on access ports where we see both sides of the traffic. If you have multiple uplinks, you can't attach
NBAR on them due to this issue. Similar issue happens if you configure NBAR on an interface that is
part of a port channel.
Question: With protocol-discovery, I see an aggregate view of all application. How can I see traffic
distribution over time?
Answer: WebUI will give you view of traffic over time for the last 48 hours.
Configuring Application Visibility and Control in a Wired Network