Cisco WAP121 Administration Manual page 53

Wireless-n access point with poe wireless-n selectable-band access point with poe

Hide thumbs Also See for WAP121:

Administration manual (179 pages)

Quick start manual (13 pages)

Datasheet (7 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

page of 155

/ 155
Contents
Table of Contents
Bookmarks

Table of Contents

Administration

Packet Capture

Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE

•

Traffic on specific BSSIDs

•

Traffic between two clients

Some examples of useful display filters are:

•

Exclude beacons and ACK/RTS/CTS frames:

!(wlan.fc.type_subtype == 8 | | wlan.fc.type == 1)

•

Data frames only:

wlan.fc.type == 2

•

Traffic on a specific BSSID:

wlan.bssid == 00:02:bc:00:17:d0

•

All traffic to and from a specific client:

wlan.addr == 00:00:e8:4e:5f:8e

In remote capture mode, traffic is sent to the computer running Wireshark through

one of the network interfaces. Depending on where the Wireshark tool is located,

the traffic can be sent on an Ethernet interface or one of the radios. To avoid a

traffic flood caused by tracing the trace packets, the WAP device automatically

installs a capture filter to filter out all packets destined to the Wireshark

application. For example if the Wireshark IP port is configured to be 58000 then

the capture filter is automatically installed on the WAP device:

not portrange 58000-58004.

Enabling the packet capture feature impacts performance of the WAP device and

can create a security issue (unauthorized clients may be able to connect to the

WAP device and trace user data). The WAP device performance is negatively

impacted even if there is no active Wireshark session with the WAP device. The

performance is negatively impacted to a greater extent when packet capture is in

progress.

Due to performance and security issues, the packet capture mode is not saved in

NVRAM on the WAP device; if the WAP device resets, the capture mode is

disabled and the you must reenable it in order to resume capturing traffic. Packet

capture parameters (other than mode) are saved in NVRAM.

In order to minimize performance impact on the WAP device while traffic capture

is in progress, you should install capture filters to limit which traffic is sent to the

Wireshark tool. When capturing 802. 1 1 traffic, large portion of the captured frames

tend to be beacons (typically sent every 100 ms by all APs). Although Wireshark

Table of Contents

This manual is also suitable for:

Wap321

Cisco WAP121 Administration Manual page 53

Related Manuals for Cisco WAP121

Related Products for Cisco WAP121

This manual is also suitable for:

Table of Contents