Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

How-to: IAP wireless packet capture

  • 1.  How-to: IAP wireless packet capture

    EMPLOYEE
    Posted Sep 23, 2014 09:48 AM

    Aruba Instant version 6.1.2.3-2.0.0.3 and above has the pcap command for wireless packet capture on the IAP. This command is not exposed in the Web UI and has to be run from the CLI.

    1. Enable the Telnet option on the IAP. By default, Telnet or terminal access is disabled.

    2. Use "show ap monitor status" to identify the base BSSID.

    WLAN Interface
    ---------------
    bssid              scan    monitor  probe-type  phy-type        task   channel  pkts
    -----              ----    -------  ----------  --------        ----   -------  ----
    00:24:6c:ae:81:68  enable  enable   m-portal    80211a-HT-40    tuned  149+     360116135
    00:24:6c:ae:81:60  enable  enable   sap         80211b/g-HT-20  tuned  11       172543704
    
    

    In the example above, the base BSSID for 80211a is "00:24:6c:ae:81:68" and the base BSSID for 80211b/g is "00:24:6c:ae:81:60".


    3. Use "pcap start <base bssid> <ip address of PC with Aruba version of Wireshark installed> <port> 0 1518"

    The number after the port selects the format. Use 0 (pcap) for Wireshark and 1 (peek) for Omnipeek.

    Optionally you can add the channel at the end. This is good to use when placing the IAP into AM mode so you can capture on one channel instead of scanning.

    Example:
    pcap start 00:24:6c:ae:81:68 10.163.148.35 5555 0 1518 
    

    4. Use "show pcap" to check the active pcap session

    Packet Capture Sessions
    -----------------------
    pcap-id  filter  type  intf               channel  max-pkts  max-pkt-size  num-pkts  status       url  target
    -------  ------  ----  ----               -------  --------  ------------  --------  ------       ---  ------
    1                raw   00:24:6c:ae:81:68  149                                        in-progress       10.163.148.35/5555
    

    5. Use "pcap stop <base bssid> <pcap-id>" to stop the capture

    Example:
    pcap stop 00:24:6c:ae:81:68 1
    

    6. Run the Aruba version of Wireshark or Omnipeek and select udp-port=5555


    Note: If you reboot the AP these settings are lost and you have to start the pcap again. If you are going to change the AP to an AM you should do that before you start the pcap.
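
Added example, not part of the original post: a Python check that parses the `show pcap` output from step 4 and lists capture sessions still in progress toward a host that is not on an allowlist. The sample text is the step 4 output reproduced as constructed input; the function names and the allowlist are assumptions.

```python
import re

# Constructed sample: the "show pcap" output shown in step 4 of the post.
SAMPLE = """\
Packet Capture Sessions
-----------------------
pcap-id  filter  type  intf               channel  max-pkts  max-pkt-size  num-pkts  status       url  target
-------  ------  ----  ----               -------  --------  ------------  --------  ------       ---  ------
1                raw   00:24:6c:ae:81:68  149                                        in-progress       10.163.148.35/5555
"""


def parse_show_pcap(text):
    """Return one dict per session, slicing columns at the dash-ruler offsets.

    Splitting on whitespace would misplace fields, because several columns
    (filter, max-pkts, url, ...) are empty in the output.
    """
    lines = [line.rstrip() for line in text.splitlines()]
    # The column ruler is the first line made of two or more dash groups.
    idx = next(i for i, l in enumerate(lines) if re.fullmatch(r"-+(\s+-+)+", l))
    header, ruler = lines[idx - 1], lines[idx]
    starts = [m.start() for m in re.finditer(r"-+", ruler)]
    ends = starts[1:] + [None]  # the last column runs to the end of the line
    names = [header[s:e].strip() for s, e in zip(starts, ends)]
    sessions = []
    for row in lines[idx + 1:]:
        if row.strip():
            sessions.append({n: row[s:e].strip()
                             for n, s, e in zip(names, starts, ends)})
    return sessions


def unexpected_sessions(text, allowed_targets):
    """Sessions still in progress whose target host is not in allowed_targets."""
    flagged = []
    for s in parse_show_pcap(text):
        host = s["target"].split("/")[0]  # target is printed as host/port
        if s["status"] == "in-progress" and host not in allowed_targets:
            flagged.append(s)
    return flagged


if __name__ == "__main__":
    for s in parse_show_pcap(SAMPLE):
        print(s["pcap-id"], s["intf"], s["status"], s["target"])
```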