Wireless Access

Hello all,

The link used to connect RAP with the master controller is a very high level of traffic.

I need to find source and destination of traffic and also the ports that are being used.

My firewall is not able to identify this traffic because it is encrypted inside the VPN tunnel.

Anyone know any command can show me this information?

RAPs are in bridge mode. 

Regards

Thiago Araujo

Are you sure that you ONLY have a bridged SSID connected?

What version of code is this?

Sorry, i have one SSID in split-tunnel too.

I would start with a putty session to the controller and issue

#1  -    'show user | include Ap-NAME',   where AP-NAME == the RAP in question.

#2 -  Once you have the # of unique users on that AP.  Find the ones using split tunnel and issue this command:  

'show datapath session table | include x.x.x.x'    where x.x.x.x == IP address of each unique user.  

The output of these commands will give you the user count,  the destination IP, source port, and the destination port of the traffic being observed by the controller.

Let us know how you make out

JF

Thanks, the command works fine. 

The greater use of the link is taking place on port 4500 udp, according to the report of my firewall.

This port is used only for NAT-T in RAP deployments?

This traffic could consume 90% of my link?

NAT-T encapsulates all the mgmt and some of the user traffic in your deployment.

The commands I provided will give you visibility into the user traffic and then enable you to understand what proportion they are consuming in your environment.

What did you see in terms of the user generated traffic (vs. the other/remainder traffic...which is mgmt related)