Basic Troubleshooting - Questions And Answers - Cisco Catalyst 9500 Manual


Configuring Application Visibility and Control in a Wired Network
dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,2,0,712
10.80.101.18,10.80.101.6,5060,4294967305,4,6,layer7 cisco-collab-control,Input,08:55:46.917,08:55:47.917,Initiator,2,23,27,12752,8773
10.1.11.4,66.102.11.99,80,4294967305,4,6,layer7 google-services,Input,08:55:46.917,08:55:46.917,Initiator,2,3,5,1733,663
64.103.125.2,64.103.125.97,68,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:53.917,Initiator,1,0,4,0,1412
64.103.125.29,64.103.101.181,67,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,1,0,350

Basic Troubleshooting - Questions and Answers

Following are the basic questions and answers for troubleshooting wired Application Visibility and Control:
1. Question: My IPv6 traffic is not being classified.
   Answer: Currently only IPv4 traffic is supported.
2. Question: My multicast traffic is not being classified.
   Answer: Currently only unicast traffic is supported.
3. Question: I send pings but I don't see them being classified.
   Answer: Only TCP/UDP protocols are supported.
4. Question: Why can't I attach NBAR to an SVI?
   Answer: NBAR is only supported on physical interfaces.
5. Question: I see that most of my traffic is CAPWAP traffic, why?
   Answer: Make sure that you have enabled NBAR on an access port that is not connected to a wireless access port. All traffic coming from APs will be classified as capwap. Actual classification in this case happens either on the AP or WLC.
6. Question: In protocol-discovery, I see traffic only on one side. Along with that, there is a lot of unknown traffic.
   Answer: This usually indicates that NBAR sees asymmetric traffic: one side of the traffic is classified in one switch member and the other on a different member. The recommendation is to attach NBAR only on access ports where we see both sides of the traffic. If you have multiple uplinks, you can't attach NBAR on them due to this issue. A similar issue happens if you configure NBAR on an interface that is part of a port channel.
7. Question: With protocol-discovery, I see an aggregate view of all applications. How can I see traffic distribution over time?
   Answer: WebUI will give you a view of traffic over time for the last 48 hours.
8. Question: I can't configure a queue-based egress policy with the match protocol protocol-name command.
   Answer: Only shape and set DSCP are supported in a policy with NBAR2-based classifiers. Common practice is to set DSCP on ingress and perform shaping on egress based on DSCP.
9. Question: I don't have NBAR2 attached to any interface but I still see that NBAR2 is activated.
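
The common practice from the answer to the queue-based egress policy question above (set DSCP on ingress, shape on egress based on DSCP), written out as an added configuration example. It is not taken from the Cisco guide; the class-map, policy-map and interface names, the DSCP value and the shape percentage are assumptions chosen for illustration.

```cisco
! Added example. All names, the DSCP value (af41), the shape rate and
! the interface numbers are hypothetical; adapt them to your design.
!
! Ingress: NBAR2 classifier with the one marking action the answer allows.
class-map match-any CM-NBAR-COLLAB
 match protocol cisco-collab-control
!
policy-map PM-INGRESS-MARK
 class CM-NBAR-COLLAB
  set dscp af41
!
! Egress: no "match protocol" here. The class matches the DSCP value
! written on ingress, so the policy no longer depends on NBAR2.
class-map match-any CM-DSCP-AF41
 match dscp af41
!
policy-map PM-EGRESS-SHAPE
 class CM-DSCP-AF41
  shape average percent 10
!
! Attach the NBAR2 policy to a physical access port that sees both
! directions of the flow (not an SVI, uplink or port-channel member).
interface TenGigabitEthernet1/0/1
 service-policy input PM-INGRESS-MARK
!
! Attach the DSCP-based shaping policy on the egress side.
interface TenGigabitEthernet1/0/24
 service-policy output PM-EGRESS-SHAPE
```

After attaching both policies, `show policy-map interface` on each port shows whether the ingress class is matching and the egress class is receiving the marked packets.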
System Management Configuration Guide, Cisco IOS XE Fuji 16.8.x (Catalyst 9500 Switches)