Sunday, December 29, 2019

Configuring Application Visibility and Control (AVC) on a Cisco WLC

Cisco Application Visibility and Control (AVC) provides network visibility of classified traffic and gives the admin the option to control either by performing a Drop or Mark (DSCP) action. AVC utilizes several components such as Network Based Application Recognition (NBAR2), Quality of Service (QoS) and NetFlow which allows deep-packet inspection.

I had to block video streaming as well as block smartphone updates on a Cisco WLC 3504 in order to conserve bandwidth on a particular SSID. To configure AVC, to to WIRELESS > Application Visibility and Control > Applications.


Add a new AVC Profile under WIRELESS > Application Visibility and Control > AVC Profiles > click New.


Type the AVC Profile Name: BLOCK_STREAMING > click Apply.


Click on the AVC Profile (hyperlink): BLOCK_STREAMING.

Click Add New Rule (far right).

Select Application Group: voice-and-video > Application Name: youtube > Action: Drop > Apply.




Apply the AVC Profile under WLANs > select a WLAN ID > QoS > enable Application Visibility > select the created AVC Profile > Apply > Save Configuration. 


To monitor AVC, go to MONITOR > Applications > WLAN > select a WLAN ID.

Notice the AVC Profile (far right) applied to the WLAN SSID.



View each tabs: Aggregate / Upstream / Downstream.

It's recommended to configure and view NetFlow statistics either on a collector server/analyzer or using Cisco Prime Infrastructure.