Initiating and Understanding Application Recognition
For Cisco Devices and Environments
You can set up application recognition via NetFlow v9 on Cisco devices via two methods:
For device setup using a non-SD-WAN solution, you must include the applicaton ID field as part of your flow record (see Flow Record Requirements).
For device setup using an SD-WAN solution, you must enable an application policy or application visibility on your SD-WAN solution (see Configure Traffic Flow Monitoring for information about application visibility on your device template).
Both of the above methods activate Cisco's NBAR (Network Based Application Recognition), which enhances your Traffic Insights experience with application data for applications with public IP addresses. Through your SD-WAN solution, or via the CLI for non-SD-WAN Cisco networks, you can also separately set up custom applications for identification, ensuring you see applications in Traffic Insights with both public and private IP addresses (see Chapter: NBAR2 Custom Protocol).
For Devices without Access to Cisco NBAR
For those using non-Cisco devices and for Meraki MX devices which don't have access to Cisco NBAR via the application name field, Traffic Insights can infer application information about applications that have public IP addresses. Traffic Insights first uses NBAR Cloud IP enrichment to try and enrich flow data based on IP address. If the IP address is not available or private, it then uses NBAR Cloud's port-based classification to form enrichment. If the DST (destination) port does not exist in the list, it falls back to the transport protocol (TCP, UDP or IP). As such, Traffic Insights makes a best effort to identify your applications, but cannot guarantee that an application, even with a public IP address, will always be identifiable.
Last updated