dpi
Enables DPI on this WLAN. When enabled,
all traffic is subjected to DPI for detection of applications, application categories, custom
applications, and metadata extraction.DPI is an advanced packet analysis technique, which
analyzes packet and packet content headers to determine the nature of network traffic. When
enabled, DPI inspects packets of all flows to identify applications (such as, Netflix,
Twitter, Facebook, etc.) and extract metadata (such as, host name, server name, TCP-RTT,
etc.) for further use by the WiNG
firewall.
Supported on the following devices:
- Access Points:
AP3000/X, AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP7602, AP7612, AP7622, AP7632,
AP7662, AP8163, AP8533.
- Service Platforms:
NX5500, NX7500, NX9500, NX9600
- Virtual Platforms: CX9000, VX9000
Syntax
dpi metadata [http|ssl|tcp-rtt|voice-video]
Parameters
dpi metadata [http|ssl|tcp-rtt|voice-video]
dpi metadata [http|ssl|tcp-rtt|voice-video] |
Enables extraction of the following metadata flows:
- http – Extracts HTTP flows.
When enabled, administrators can track HTTP Websites accessed by both internal
and guest clients and visualize HTTP data usage, hits, active time and total
clients on the NSight application‘s dashboard. This setting is disabled by
default.
- ssl – Extracts SSL flows. When
enabled, administrators can track SSL Websites accessed by both internal and
guest clients and visualize SSL data usage, hits, active time and total clients
on the NSight application‘s dashboard. This setting is disabled by default
- tcp-rtt –
Extracts RTT (Round Trip Time) information from
TCP (Transmission Control Protocol) flows.
However, this TCP-RTT metadata is viewable only on the
NSight dashboard. Therefore, ensure the NSight server is up
and NSight analytics data collection is enabled.
- voice-video – Extracts voice
and video flows. When enabled, voice and video calls can be tracked by
extracting parameters, such as packets transferred and lost, jitter, and
application name. Most Enterprise VoIP applications like facetime, skype for
business and VoIP terminals can be monitored for call quality and visualized on
the NSight dashboard in manner similar to HTTP and SSL. Call quality and metrics
can only be determined from calls established unencrypted. This setting is
disabled by default.
|
Examples
nx9500-6C8809(config-wlan-test)#dpi metadata http
nx9500-6C8809(config-wlan-test)#dpi metadata ssl
nx9500-6C8809(config-wlan-test)#dpi metadata voice-video
nx9500-6C8809(config-wlan-test)#show context
wlan test
ssid test
bridging-mode tunnel
encryption-type none
authentication-type none
dpi metadata voice-video
dpi metadata http
dpi metadata ssl
nx9500-6C8809(config-wlan-test)#