Specifications
Troubleshooting AOS-W Environments
Chapter 27
• Alcatel message BPDUs
• TCP CLI ports (default ones)
Examples
Debugging a wireless WEP station doing VPN would typically require:
• Station up/down: Alcatel msg opcode 30
• WEP key plumbing: Alcatel msg opcode 29
• DHCP: Alcatel msg opcode 90 (not UDP 67, as that won't catch mobility packets)
• IKE: UDP ports 500 and 4500
• L2TP: UDP port 1701
Enter:
packet-capture Alcatelmsg 30,29,90 udp 500,4500,1701,1812,1645
Debugging 802.1x with TKIP would typically require:
• Station up/down: Alcatel msg opcode 30
• 802.1x opcode: Alcatel msg opcode 13
• Forward dot1x: Alcatel msg opcode 71
• TKIP key plumbing: Alcatel msg opcode 70
• DHCP: Alcatel msg opcode 90
• RADIUS: 1812 typically, or 1645
Enter:
packet-capture Alcatelmsg 30,13,71,70,90 udp 1812,1645
NOTE—These examples give you all the messaging plus the timestamps associated
with it. This is useful for seeing why, for example, users got associated but
took 2 minutes to get an IP.
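To find where a station stalls, as the note describes, compare the timestamps of consecutive messages for each station. The following is an added example, not part of the original guide or of AOS-W: the function name `largest_gaps` and the `(seconds, station MAC, opcode)` record layout are assumptions, and the records are hand-transcribed from a capture rather than parsed from the switch's output format.

```python
from collections import defaultdict

# Opcode meanings as listed in the two examples above.
OPCODES = {
    30: "station up/down",
    29: "WEP key plumbing",
    13: "802.1x",
    71: "forward dot1x",
    70: "TKIP key plumbing",
    90: "DHCP",
}

def largest_gaps(events, threshold=5.0):
    """events: iterable of (seconds, station_mac, opcode) records.
    Returns {mac: (gap_seconds, label_before, label_after)} for every
    station whose longest pause between two consecutive messages is
    greater than `threshold` seconds."""
    per_station = defaultdict(list)
    for ts, mac, opcode in events:
        per_station[mac.lower()].append((ts, opcode))
    slow = {}
    for mac, msgs in per_station.items():
        msgs.sort()  # captures interleave stations; order each one by time
        worst = None
        for (t0, op0), (t1, op1) in zip(msgs, msgs[1:]):
            gap = t1 - t0
            if worst is None or gap > worst[0]:
                worst = (gap, OPCODES.get(op0, f"opcode {op0}"),
                         OPCODES.get(op1, f"opcode {op1}"))
        if worst and worst[0] > threshold:
            slow[mac] = worst
    return slow

# Constructed sample records (hypothetical values, not real capture output).
SAMPLE = [
    (0.00, "00:11:22:33:44:55", 30),
    (0.12, "00:11:22:33:44:55", 13),
    (0.40, "00:11:22:33:44:55", 71),
    (0.55, "00:11:22:33:44:55", 70),
    (120.80, "00:11:22:33:44:55", 90),  # DHCP appears two minutes later
    (1.00, "00:aa:bb:cc:dd:ee", 30),
    (1.20, "00:AA:BB:CC:DD:EE", 13),
    (1.90, "00:aa:bb:cc:dd:ee", 70),
    (2.30, "00:aa:bb:cc:dd:ee", 90),
]

if __name__ == "__main__":
    for mac, (gap, before, after) in largest_gaps(SAMPLE).items():
        print(f"{mac}: {gap:.1f}s between '{before}' and '{after}'")
```

A long gap between key plumbing and the first DHCP message points at address assignment rather than authentication, which narrows the next capture to opcode 90.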
SESSION MIRRORING
In AOS-W 2.3.0.0 and later, you can mirror Ethernet packets on a per-session
basis. This feature is only accessible from the CLI.
For each ACL you want to be able to mirror, add the mirror flag and
destination IP. For example, to see L2TP control packets unencrypted, enter:
firewall session-mirror-destination 1.2.3.4
ip access-list session vpnlogon
any any svc-l2tp permit mirror