Wireless Access

Reply
Occasional Contributor II
Posts: 20
Registered: ‎06-06-2012

RAP AP traffic information

Hello all,

 

The link used to connect RAP with the master controller is a very high level of traffic.

 

I need to find source and destination of traffic and also the ports that are being used.

 

My firewall is not able to identify this traffic because it is encrypted inside the VPN tunnel.

 

Anyone know any command can show me this information?

 

RAPs are in bridge mode. 

 

Regards

 

Thiago Araujo

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: RAP AP traffic information

Are you sure that you ONLY have a bridged SSID connected?

 

What version of code is this?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 20
Registered: ‎06-06-2012

Re: RAP AP traffic information

Sorry, i have one SSID in split-tunnel too.

 

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: RAP AP traffic information

I would start with a putty session to the controller and issue

 

#1  -    'show user | include Ap-NAME',   where AP-NAME == the RAP in question.

 

#2 -  Once you have the # of unique users on that AP.  Find the ones using split tunnel and issue this command:  

'show datapath session table | include x.x.x.x'    where x.x.x.x == IP address of each unique user.  

 

The output of these commands will give you the user count,  the destination IP, source port, and the destination port of the traffic being observed by the controller.

 

Let us know how you make out

 

JF

Occasional Contributor II
Posts: 20
Registered: ‎06-06-2012

Re: RAP AP traffic information

Thanks, the command works fine. 

 

The greater use of the link is taking place on port 4500 udp, according to the report of my firewall.

 

This port is used only for NAT-T in RAP deployments?

 

This traffic could consume 90% of my link?

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: RAP AP traffic information

NAT-T encapsulates all the mgmt and some of the user traffic in your deployment.

 

The commands I provided will give you visibility into the user traffic and then enable you to understand what proportion they are consuming in your environment.


What did you see in terms of the user generated traffic (vs. the other/remainder traffic...which is mgmt related)

Search Airheads
Showing results for 
Search instead for 
Did you mean: