Configuring A Snoop Filter - Nortel 2300 Series Configuration Manual
Wlan security switch
Hide thumbs
Also See for 2300 Series:
- Reference (622 pages) ,
- Configuration manual (39 pages) ,
- Solution manual (108 pages)
Table of Contents
Advertisement
590 Appendix A: Troubleshooting a WS Switch
Configuring a Snoop Filter
To configure a snoop filter, use the following command:
set snoop filter-name [condition-list] [observer ip-addr]
[snmp-length num]
The filter-name can be up to 32 alphanumeric characters.
The condition-list specifies the match criteria for packets. Conditions in the list are ANDed. Therefore, to be copied and
sent to an observer, a packet must match all criteria in the condition-list. You can specify up to eight of the following
conditions in a filter, in any order or combination:
frame-type {eq | neq} {beacon | control | data | management | probe}
channel {eq | neq} channel
bssid {eq | neq} bssid
src-mac {eq | neq} mac-addr
dest-mac {eq | neq} mac-addr
host-mac {eq | neq} mac-addr
mac-pair mac-addr1 mac-addr2
To match on packets to or from a specific MAC address, use the dest-mac or src-mac option. To match on both send
and receive traffic for a host address, use the host-mac option. To match on a traffic flow (source and destination MAC
addresses), use the mac-pair option. This option matches for either direction of a flow, and either MAC address can be
the source or destination address.
If you omit a condition, all packets match that condition. For example, if you omit frame-type, all frame types match the
filter.
For most conditions, you can use eq (equal) to match only on traffic that matches the condition value. Use neq (not
equal) to match only on traffic that is not equal to the condition value.
The observer ip-addr option specifies the IP address of the station where the protocol analyzer is located. If you do not
specify an observer, the AP radio still counts the packets that match the filter. (See
toring Statistics" on page
The snap-length num option specifies the maximum number of bytes to capture. If you do not specify a length, the
entire packet is copied and sent to the observer. Nortel recommends specifying an snap length of 100 bytes or less.
The following command configures a snoop filter named snoop1 that matches on all traffic, and copies the traffic to the
device that has IP address 10.10.30.2:
23x0# set snoop snoop1 observer 10.10.30.2 snap-length 100
320657-A
594.)
"Displaying Remote Traffic Moni-
Advertisement
Table of Contents
