Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

521

522

523

524

525

526

527

528

529

530

Remotely Monitoring Traffic

A-16 Troubleshooting a RoamAbout Switch

Toinformyouofthiscondition,MSSgeneratesalogmessagesuchasthefollowingthefirst

timeanICMPerrormessageisreceivedfollowingthestartofasnoopfilter:

AP Mar 25 13:15:21.681369 ERROR DAP 3 ap_network: Observer 10.10.101.2 is not

accepting TZSP packets

TopreventICMPerrormessagesfromtheobserver,EnterasysNetworksrecommendsusing

theNetcatapplicationontheobservertolistentoUDPpacketsontheTZSPport.

Configuring a Snoop Filter

Toconfigureasnoopfilter,usethefoll owingcommand:

set snoop filter-name [condition-list] [observer ip-addr] [snap-length num]

Thefilter-namecanbeupto15alphanumericcharacters.

Thecondition‐listspecifiesthematchcriteriaforpackets.ConditionsinthelistareANDed.

Therefore,tobecopiedandsenttoanobserver,apacketmustmatchallcriteriainthecondition‐

list.Youcan specifyuptoeightof

thefollowingconditionsinafilter,inanyorderorcombination:

frame‐type{eq|neq}{beacon|control|data|management|probe}

channel{eq|neq}channel

bssid{eq|neq}bssid

src‐mac{eq|neq | lt | gt}mac‐addr

dest‐mac{eq|

neq | lt | gt}mac‐addr

host‐mac{eq|neq | lt | gt}mac‐addr

mac‐pairmac‐addr1mac‐addr2

TomatchonpacketstoorfromaspecificMACaddress,usethedest‐macorsrc‐macoption.To

matchonbothsendandreceivetraffic forahost

address,usethehost‐macoption.Tomatchona

trafficflow(sourceanddestinationMACaddresses),usethemac‐pairoption.Thisoption

matchesforeitherdirectionofaflow,andeitherMACaddresscanbethesourceordestination

address.

Ifyouomitacondition,allpacketsmatchthat

condition.Forexample,ifyouomitframe‐type,all

frametypesmatchthefilter.

Formostconditions,youcanuseeq(equal)tomatchonlyontrafficthatmatchesthecondition

value.Useneq(notequal)tomatchonlyontrafficthatisnotequaltothe conditionvalue.The

src‐

mac,dest‐mac,andhost‐macconditionsalsosupportlt(lessthan)andgt(greaterthan).

Theobserverip‐addroptionspecifiesthe IPaddressofthestationwheretheprotocolanalyzeris

located.Ifyoudonotspecifyanobserver,theAPradiostillcountsthepacketsthat

matchthe

filter.(See“DisplayingRemoteTrafficMonitoringStatistics”onpage 19.)

Thesnap‐lengthnumoptionspecifiesthemaximumnumberofbytestocapture.Ifyoudonot

specifyalength,theentirepacketiscopiedandsenttotheobserver.EnterasysNetworks

recommendsspecifyingasnaplengthof100bytes

orless.

Thefollowingcommandconfiguresasnoopfilternamedsnoop1thatmatchesonalltraffic,and

copiesthetraffictothedevicethathasIPaddress10.10.30.2:

RBT-8100# set snoop snoop1 observer 10.10.30.2 snap-length 100