Intelligent Capture | Live Enterprise Wireless Troubleshooting

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone my name is Richard Jiang and I'm a technical marketing engineer here at Cisco's Wireless enterprise networking department today I'm going to be providing you with an overview of when a Cisco DNA centers newest assurance features intelligent capture this state-of-the-art intent-based networking solution has the purpose of allowing a network operations team to resolve any wireless issue not only quickly and efficiently but also remotely for this video you'll learn about the various customer pain points existing today in Wireless the use cases of this feature that solved those problems some Bri requisites that will help you get started as well as a live feature demo now to get started let me provide you with a common day-to-day scenario in regards to how a network operations team might be handling a live wireless issue today imagine we have a network operations specialist named Fred his primary role in the company is to maintain his company's wireless network in healthy states and to resolve any employee issues in the network his goal is to ensure all employees have a great wireless network experience and can focus their attention on being productive but let's say we have a scenario in which a single employee has opened an IT ticket complaining that his laptop is unable to connect to the wireless network how if reg debugged his issue without Cisco DNA centers intelligent capture to provide an immediate technical insight into the problem Fred would have to begin manually inspecting each component of his network infrastructure for the root cause if fred is unable to root cause that issue from the data he's able to collect from his controller or access point his next step would be to pay that employees location a visit and taken over the air Wireless packet capture to investigate what part of the 802 11 handshake is causing the laptops onboarding process to fail upon collecting this packet capture he now has to spend large amounts of time analyzing the data before anything could be potentially concluded as you can imagine this process is not only incredibly time consuming but also impractical now picture 10 employees filing the same complaint it would be nearly impossible to scale this troubleshooting efforts properly resulting in time being wasted with that being said this is where Cisco's intelligent capture solution comes into the picture to provide you with an understanding of this features power and capability we're going to dive into the high level use cases of this feature for a first use case we have data capture and live capture which provides our access points the ability to schedule a packet capture on any client in the network directly from our DNA C platform when enabled on a supported access point the access point will send both the management and data packets directly to our DNA C platform where the user will be able to view a on a graphical user interface for our second use case we have anomaly detection which provides our access points in the controller's with the ability to intelligently identify the exact reason why a wireless client is having issues joining the network in addition to providing the user with a packet capture of the exact issue the user will even be provided a plain text message explain to them exactly where in the unbinding process failed for our third use case we have AP and client statistics which will provide users with a live in-depth analytical view of the various wireless metrics that can play a role in an AP or client's connectivity or throughput for our final use case we have spectrum analysis which will provide our user with a beautiful as well as accurate visualization of the RF noise and interference surrounding each of their supported access points all of what I've just explained can be easily done by a single user from a single laptop from anywhere in the world which is why this is such a powerful feature with that being said let's dive into how this feature really looks with a live demo in this demo I'm going to be starting off with a high-level de0 run-through of how we would initially discover our network infrastructure on Cisco DNA Center and about completion I'll then be diving into the in-depth day 1 drill down of how we will use intelligent capture to monitor and troubleshoot our network if you are already familiar with a day 0 process a Cisco DNA Center you can go ahead and click on the annotation that has appeared on the screen to skip directly to where I'm enabling the features of intelligent capture when we initially log into Cisco DNA Center we will show up at this homepage the first thing we want to do is at our controller and access points into the system we can start off by opening this hamburger menu at the top left-hand corner of the screen Pinkley on tools discovery then add discovery and here we can go ahead and include our controller name control IP subnet as well as include any login credentials such as SSH username and password as well as SNMP read and write credentials after filling in these details we can go ahead and hit discover for the purpose of this demo I've already discovered one of my controllers and as you can see on the right-hand side everything is successful now that our network devices have been discovered our next step is to create a site hierarchy which depicts where our network infrared and an network hierarchy here you'll notice that I already have a number of areas created on the map such as Los Angeles Palo Alto and Pleasanton the typical hierarchy of a site is by area which is typically maybe a city then building which is your company's building within that city as well as a floor within that building in order to create these you can go ahead and click on the COG button next to any of these sites and you can create a child site within for the purpose of this demo let's go ahead and assume that I've just created this Los Angeles site now that we have our site created we can go on to our last step of configuration which is assigning our discovered wireless controller and access points to the buildings and floors to do so we can open up the hamburger menu again click on provision in the inventory to view the devices will be just discovered we can navigate to the unassigned devices section on the left here you'll see the controller and it's - joint access points that we just discovered so typically a controller is assigned to a building and an AP is to sign to specific floors within that building so let's go ahead and clubbing the checkbox next to the controller let's go to action a sign device to site and let's choose a site and let's choose the building with it less Angeles save and the next and then assign so now our controller is within the building within Los Angeles let's assign our access points now action provision assign devices to site now let's go ahead and choose a floor so within this site I only have one floor floor three so let's save and let's assign both of them to the same floor head next and then assigned at this point both of our controller and access points have been assigned to the proper site and we can now enable the two passive features of intelligent capture AP and climb stats as well as anomaly detection in order to do so we can go back to the hamburger menu go to assurance and go to intelligent capture settings and then access point here you'll find our two features ap stats capture and anomaly capture and for both these features they gave us ability to either disable the feature enable it on a per ap level or at a global level which means that all a piece join to the WLC will have the feature enabled for the purpose of this demo I already have it in a belated globally so all my features have this enabled already now that's who of the intelligent capture features are enabled let's go ahead and start the day one portion of this demo by navigating to the intelligent capture client page I've already connected a wireless client to my network beforehand so I can visit that clients intelligent capture page by clicking on the magnifying glass at the top pasting in the client Mac clicking on the client 360 button then clicking on intelligent capture now we've entered the intelligent capture client page the purpose of this page is to provide users with as much live technical details regarding this client as possible so that any issue seen can be quickly root-cause and resolved let's go over the features one by one to get started let's assume that we're currently looking at the client of a complaining employee who was occasionally having issues with their client joining the network earlier in the day first things first intelligent capture allows us to go back in time for up to 14 days so if you've missed the moment a complaint was made you can simply go back in time by clicking on this clock here choosing a specific time or day or expanding the timeslot of this page by clicking on the drop down menu here let's go back five hours ago to 4:00 p.m. when the issue ID occurred moving on if you've integrated cmx with Cisco DNA Center we can actually view the location of the client as shown here by the dot in the heat map this way right off the bat we can immediately have a sense in regards to the surrounding RF environment of the client and can think of everything relative to that next up here at the top we can see it says data packet capturing this is the data packet capture feature we've discussed in the beginning and it will allow any supported access points to continuously capture both the management and data frames of the client then the access point will then send the natively encrypted data frames in a decrypted form that will allow a user to validate the l-2 and l-3 QoS consistency TCP level retransmission and other application level handshake details in a manner which would not normally be possible for the demo I already had the feature enabled however if you want to have it enabled or disabled you can simply click on the button here if you would like to view the package you can click on the download button and then choose a peak out file that you would like to view by clicking here and then opening it up in Wireshark you now I can add a filter to my Wireshark and now I'm able to view the decrypted TCP data frames for my client looking into these packets will provide me with the crucial information such as timestamp and radial header information such as ours I channel details and much more as you can see the power of data packet capture is that it allows us to have a packet level insight into any client on the network from anywhere in the world but rather than needing to physically visit the client location going back the Cisco's DNA Center to the right of the data packet capture feature you can see it says live capturing and this is where you can enable or disable our live capture feature when you enable this feature we're actually enabling three things we're enabling an access point to capture all onboarding packets of the client enabling the access point to send client statistics shown in the charts below at a rate of five seconds opposed to the usual 30-second frequency as well as enabling the controller to send client onboarding events which are shown on the left at a rate of two seconds opposed to the usual 30 second frequency essentially the purpose of this feature is to home in on a particular client you want to debug and provide as much information as possible in lifetime let's look into the onboarding packet capture feature first if you look at the onboarding events viewer on the Left you'll notice all of these events have a pcap symbol next to them this is where Cisco's DNA Center will show the onboarding packets essentially the packet captures are being mapped to a specific onboarding event so that the user can understand when these packets were actually captured you'll also notice that some of these events are green whereas some of them are red intuitively the green event symbolizes that the event had occurred successfully whereas the red event symbolizes that an anomaly has occurred in that event why don't we go ahead and click on one of those red events right away you'll notice at the top that it provides you with the exact description of the issue which is client is blacklisted it due to the repetitive Association authentication failure this is the issue that the controller is claiming has caused this failed event scrolling down we can see the auto packet analyzer which is intelligent captures packet visualization tool it essentially breaks down the packet capture the APS sent into a beautified graphical user interface so that the packets can be easily interpreted as you can see it includes details such as the packet types the packet direction and he failed packets RSS I and many more we can even download these packets so let's go ahead and do that and see the packets match up with a failure reason that Cisco's DNA Center was claiming here we have our anomaly packet capture as you recall the issue that we saw was client is blacklisted due to repetitive Association authentication failure attempts from these packets you can see a clear bombardment of Association requests from the client in the access point the access point had already responded with an authentication packet however the client is still responding with another Association request again and again as you can see Cisco's DNA Center immediately takes out the most difficult part of the troubleshooting by providing a protocol level insight and root cause analysis which will save any team tons of time to go a step further we can take a look into the client RF stats below which include these metrics such as our SSI SNR data rates TX Rx packets and TX retries when you view these stats after clicking into an event you'll notice a white and gray section the white section essentially represents the timeframe in which the packets above were captured this gives you a further view of the different wireless metrics that were occurring at the time of failure for example in our case we had incredibly low SNR and no TX and rx packets it could potentially be telling you that the signal strength between the client and AP was very weak going above and beyond if you've integrated Cisco's virtual network analysis module into Cisco's DNA Center you'll even have access to information such as packet loss wireless delay or even jitter for the different application protocols shown here with all this information on the page any difficult Wireless issue is made easy with that being said this concludes the overview for the intelligent capture climb page let's go onto our next feature by making our way to the intelligent capture access point page to do so we can navigate to our hamburger menu click on provision inventory and then click on the site that contains the AP we wanted to view let's go to the san jose building 14 site which contains the catalyst 91 30 which is also Cisco's newest 11x flagship access point now let's go ahead and click on that circle with the three dots and now let's click on the view 360 button now let's go ahead and click on the intelligent capture button to enter the intelligent capture access point page here you'll immediately be met with an immense amount of data so how do we interpret this for starters you'll want to understand that by default this page is showing you the various wireless metrics for specifically serving radio zero of your access point which is shown here at the top however if you click on this menu here you'll be able to switch to the metrics of my ep's other serving radios as well for my access point you'll notice that it lists radio zero radio 1 as rows radio 2 this is because my access point has three physical serving radios this menu will change based on the physical capabilities of your access point let's start off by taking a look at this first - lid here we have the training client count for the past hour you'll be able to see that at the beginning of the hour I had more clients than what I do have now for the next ashlad I have the top clients with TX failed packets by SSID if I click on this drop down menu to the right I'll be able to toggle between the different s IDs that my access point is broadcasting let's click on one that I know I had plans connected to here it seems like I have no failed TX packets which is actually a good thing however if I was ever facing any connectivity issues with his ap I would come to this - lid to see him a particular WLAN is having issues for the next Ashley we have channel utilization and this one is broken down into three categories this ap which is quite literally this access point other Wi-Fi which is other nearby access points and non Wi-Fi which could be various interference from the 2.4 gigahertz such as Bluetooth or perhaps even microwave if the access point is next to a break room going on to the chart on the right we'll see a further breakdown of the channel utilization for this AP's radio if you look at the table on the right you'll see that varying includes information such as what clients and how many packets are contributing to this chyna utilization percentage next we have the TX frame counter per type which shows the data and management frame count in this particular case you'll notice I have a ton of management frames but very little data frames this is because I have many clients joined but no actual traffic being passed wrapping up this page we have total frame error over-the-air which are the TX and rx errors follow up by TX power and noise floor which can give you an insight regarding how much the power of your AP's radios can compare to the surrounding noise then lastly we have the multicast and broadcast counter going back to the top if I click on the five gigahertz menu you'll observe that the same data as seen but just for different one of my AP radios adding on a bit more information let's assume that we've observed an issue in the past but not have a chance to go and look at it until a couple hours later the network time travel bar at the top will allow us to go back in time for up to 14 days to observe this issue furthermore if we really wanted to drill down to a particular moment we can actually drag our cursor on the section of time of the data that we want to look closer into and the dashlet will zoom in as you can see this page really leverages you with a ton of information that will help you get to the bottom of any wireless issue with that being said let's go ahead and move on to our final intelligent capture feature spectrum analysis we can navigate to this page by going to the top and clicking on the spectrum analysis tab now we've enter the spectrum analysis page to provide you a background similar to the a prf stats page the spectrum analysis page will light a toggle between the two point four and five gigahertz band which will change the graphical user interface to display the RF spectrum energy levels according to what's chosen as you can see there are two main charts on this page the top is a channel frequency of an amplitude chart and the bottom is a channel frequency by time chart so how do we interpret this well I initial glance this chart will provide you with the visualization with regards to what channel frequency in amplitude has a higher level of RF spectral energy by default this page will be showing you this are of data in a persistent FFT view which means that it can capture interference patterns and RF signatures by overloading the burst real-time FFT sweeping if I enable this real-time FFT button at the top here the chart will show me the incoming spectral energies coming in at this very moment in time rather than the aggregated ones let's take a look at the flag egrets page here you'll immediately notice that all the channels on the chart now are present that of the Phi gigahertz band similarly to the AP intelligent capture page if we wanted to drill down to its particular moment we can actually drag our cursor on this chart as well to view a section of the chart in more detail scrolling down to the bottom we also have an interference chart which provide you with information such as a duty cycle percentages on each channel different interferences observed such as deck like phone and a new valid channel if you're suspecting that the reason why your clients are facing issues is due to the surrounding RF the intelligent capture spectrum analysis feature will give you an immediate technical insight to the problem right away with that being said this concludes our presentation on Cisco DNA centre's intelligent capture I hope you found this incredible feature to not only be exciting but also to have great potential and supporting your wireless network if you'd like to learn more please refer to the description section of this video where you'll find a link to an in-depth guide of this feature once again thank you for watching and until next time

Info

Channel: CiscoWLAN

Views: 1,572

Rating: 5 out of 5

Keywords: Wi-Fi 6, Wi-Fi, Wi-Fi Troubleshooting, Automated Wi-Fi Troubleshooting, Wi-Fi Analytics, Real-Time Analytics, Client Location, Spectrum Analyzer, Cisco WLAN, Catalyst 9800, Cisco DNA, DNA Assurance, Wireless Telemetry

Id: NOO43eMhYVA

Channel Id: undefined

Length: 22min 11sec (1331 seconds)

Published: Fri Jun 05 2020