dpi

Enables DPI on this WLAN. When enabled, all traffic is subjected to DPI for detection of applications, application categories, custom applications, and metadata extraction.

DPI is an advanced packet analysis technique, which analyzes packet and packet content headers to determine the nature of network traffic. When enabled, DPI inspects packets of all flows to identify applications (such as, Netflix, Twitter, Facebook, etc.) and extract metadata (such as, host name, server name, TCP-RTT, etc.) for further use by the WiNG firewall.

Supported on the following devices:

Syntax

dpi metadata [http|ssl|tcp-rtt|voice-video]

Parameters

dpi metadata [http|ssl|tcp-rtt|voice-video]
dpi metadata [http|ssl|tcp-rtt|voice-video] Enables extraction of the following metadata flows:
  • http – Extracts HTTP flows. When enabled, administrators can track HTTP Websites accessed by both internal and guest clients and visualize HTTP data usage, hits, active time and total clients on the NSight application‘s dashboard. This setting is disabled by default.
  • ssl – Extracts SSL flows. When enabled, administrators can track SSL Websites accessed by both internal and guest clients and visualize SSL data usage, hits, active time and total clients on the NSight application‘s dashboard. This setting is disabled by default
  • tcp-rtt – Extracts RTT (Round Trip Time) information from TCP (Transmission Control Protocol) flows. However, this TCP-RTT metadata is viewable only on the NSight dashboard. Therefore, ensure the NSight server is up and NSight analytics data collection is enabled.
  • voice-video – Extracts voice and video flows. When enabled, voice and video calls can be tracked by extracting parameters, such as packets transferred and lost, jitter, and application name. Most Enterprise VoIP applications like facetime, skype for business and VoIP terminals can be monitored for call quality and visualized on the NSight dashboard in manner similar to HTTP and SSL. Call quality and metrics can only be determined from calls established unencrypted. This setting is disabled by default.

Examples

nx9500-6C8809(config-wlan-test)#dpi metadata http
nx9500-6C8809(config-wlan-test)#dpi metadata ssl
nx9500-6C8809(config-wlan-test)#dpi metadata voice-video
nx9500-6C8809(config-wlan-test)#show context
wlan test
 ssid test
 bridging-mode tunnel
 encryption-type none
 authentication-type none
 dpi metadata voice-video
 dpi metadata http
 dpi metadata ssl
nx9500-6C8809(config-wlan-test)#

Related Commands

no (wlan-config-mode) Disables extraction of metadata flows on the WLAN