Command of the Day

Guru Elite
Posts: 19,983
Registered: ‎03-29-2007

COTD: show datapath session table

The show datapath session table command will show you all the traffic flows that are going through the controller. This includes user traffic, as well as traffic going to and from the controller for management/authentication, etc. When you type this command on a busy controller, you are likely to get hundreds of lines. The strength of this command is to limit to a particular host, or a particular type of traffic. You would do this for a particular host by typing show datapath session table . Check out this example where I want to see the traffic going to and from an access point with the IP address 172.16.16.13:
(M3.arubanetworks.com) #show datapath session table 172.16.16.13

Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
I - Deep inspect, U - Locally destined

Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- -----
172.16.69.16 172.16.16.13 17 8211 8211 0 0 0 1 tunnel 141 479b F
172.16.69.16 172.16.16.13 47 0 0 0 0 0 0 local 47a7 FMC
172.16.16.13 172.16.69.16 47 0 0 0 0 0 0 local 47a7 FM
172.16.16.13 172.16.69.16 17 8211 8211 0 0 0 1 tunnel 141 479b FC
172.16.16.13 172.16.69.16 17 32773 514 0 0 0 1 tunnel 166 15 FYC
172.16.69.16 172.16.16.13 17 514 32773 0 0 0 1 tunnel 166 15 FY


Source and destination IP addresses as well as ports are shown in this output. The access point is 172.16.16.13 and the controller is 172.16.69.16. We can see that there is bidirectional traffic on port 8211 (PAPI, or the access point control port), protocol 47 (GRE, or user traffic), and port 514 (syslog) traffic from the AP to the controller. This also can easily give you a full picture of all the flows for a particular port, as well. If I wanted to see all the NAT-T or UDP 4500 traffic going through the controller, to see what remote APs are up, I would use the "include" parameter like so:

(M3.arubanetworks.com) #show datapath session table | include 4500
128.5.162.93 10.69.69.16 17 4500 4500 0 0 0 0 1/3 4dab FC
121.21.160.39 10.69.69.16 17 1030 4500 0 0 0 0 1/3 fbcf FC
119.236.23.252 10.69.69.16 17 63055 4500 0 0 0 0 1/3 6c2a FC
92.96.26.186 10.69.69.16 17 60001 4500 0 0 0 0 1/3 2c30 FC
24.17.20.57 10.69.69.16 17 4500 4500 0 0 0 0 1/3 6b73 FC
10.69.69.16 71.235.91.18 17 4500 10030 0 0 0 0 1/3 c4fa F
10.69.69.16 71.235.91.18 17 4500 10028 0 0 0 0 1/3 fbd0 F
10.69.69.16 71.235.91.18 17 4500 10029 0 0 0 0 1/3 c560 F
119.23.235.106 10.69.69.16 17 4500 4500 0 0 0 0 1/3 8ae3 FC
10.69.69.16 72.40.81.11 17 4500 10006 0 0 0 0 1/3 fbd1 F
10.69.69.16 64.169.70.35 17 4500 6934 0 0 0 0 1/3 fbd1 F
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
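Added example, not part of the original post and not Aruba code: a small Python parser for saved "show datapath session table" output that lists the far-end peers of flows on a given protocol and port by comparing the SPort/DPort columns, since a plain text match on 4500 also hits rows where those digits appear in another column. It assumes the 12-column layout shown above with a Flags value on every row; the names Session, parse_sessions and peers_on_port and the sample rows are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Flag letters as printed in the legend of the command output on this page.
FLAG_LEGEND = set("FSNDRYHPTCMVIU")

class Session(NamedTuple):
    src: str
    dst: str
    prot: int
    sport: int
    dport: int
    destination: str
    tage: str
    flags: str

def parse_sessions(text):
    """Return data rows only; prompt, legend and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # 12 columns; Destination may be two tokens ("tunnel 141"), giving 13.
        # Assumption: every data row ends with a Flags value, as on this page.
        if len(tok) not in (12, 13) or not set(tok[-1]) <= FLAG_LEGEND:
            continue
        try:
            ipaddress.IPv4Address(tok[0]), ipaddress.IPv4Address(tok[1])
            prot, sport, dport = (int(t) for t in tok[2:5])
        except ValueError:
            continue
        rows.append(Session(tok[0], tok[1], prot, sport, dport,
                            " ".join(tok[9:-2]), tok[-2], tok[-1]))
    return rows

def peers_on_port(rows, prot, port, local_ip):
    """Far-end IPs of flows using prot/port in SPort or DPort that involve local_ip."""
    hits = [r for r in rows if r.prot == prot and port in (r.sport, r.dport)]
    return sorted({r.dst if r.src == local_ip else r.src
                   for r in hits if local_ip in (r.src, r.dst)})

# Constructed sample rows (documentation addresses), laid out like the output above.
SAMPLE = """\
Source IP     Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Flags
198.51.100.7  192.0.2.16     17   4500  4500  0    0    0   0   1/3         4dab FC
192.0.2.16    198.51.100.7   17   4500  4500  0    0    0   0   1/3         4dab F
203.0.113.9   192.0.2.16     17   1030  4500  0    0    0   0   1/3         fbcf FC
192.0.2.40    192.0.2.16     17   8211  8211  0    0    0   1   tunnel 141  4500 FC
192.0.2.41    192.0.2.16     17   45001 514   0    0    0   1   tunnel 166  15   FYC
"""
```

In the sample, all five data rows contain the text 4500, but only two remote peers actually have a UDP 4500 flow with the controller address 192.0.2.16.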
Contributor I
Posts: 23
Registered: ‎04-13-2009

Inter-controller

Does it apply for inter-controller traffic too? Such as config sync or heartbeats between master and locals.
Guru Elite
Posts: 19,983
Registered: ‎03-29-2007

Traffic

yes
Colin Joseph
Aruba Customer Engineering
