Instant Access Point (IAP) provides the capability to do packet trace using the console to debug complex issues or to trace the packet flow between different modules. We recommended you to enable this option with most specific filter possible, for example, tracing a specific type of packets for a specific client. If an extended packets details is needed, an external sniffer is recommended.
The following section will describe the steps needed to trace the DHCP packets on a specific client MAC address.
Environment : IAP-104, IAP-105, IAP-92, IAP-93 with software version 6.2.0.0_3.2.0.0
Perform the following steps to enable the packet trace option,
- Enable the Terminal Access option to the Instant Access Point (IAP). Please read on this article for the steps. (http://arubanetworkskb.secure.force.com/pkb/articles/FAQ/Can-I-SSH-to-my-Instant-Access-Point)
- SSH to the IAP. If you are going to capture the trace for a specific wireless client, connect to the IAP where the client is associated.
- Type "debug pkt mac <client MAC address>"
- Example: debug pkt mac 24:77:03:d1:1b:a0
- Type "debug pkt match mac"
- Example: debug pkt match mac
- Type "debug pkt type dhcp"
- Example: debug pkt type dhcp
- Type "debug pkt dump"
- Type "q" to exit the console packet dump
All the above "debug pkt" must be executed in the sequence as shown. Note that the debug pkt command is session specific. All the filters configured will be removed upon exiting the session.
To verify the active filter configuration, type "show debug pkt"
Example:
d8:c7:c8:c4:62:33# show debug pkt
Enter 'debug pkt dump' to dump packets on console
OR 'debug pkt mirror <ip>' to mirror them
If source or destination MAC is 24:77:03:d1:1b:a0
AND packet is of type DHCP
d8:c7:c8:c4:62:33#
Sample Trace Output:
d8:c7:c8:c4:62:33# debug pkt dump
Press 'q' to quit.
0002229477: Received packet from aruba002
[asap_firewall_forward(2997):firewall entry] len 342, vlan 0, egress CP, ingress aruba002:
#mac: etype 0800 smac 24:77:03:d1:1b:a0 tmac ff:ff:ff:ff:ff:ff -----> Indicate that the client is performing a DHCP broadcast
#ip: sip 0.0.0.0, dip 255.255.255.255, proto 17, fragment ok, last fragment, fragment offset 0
#udp: sport 68 dport 67 len 308 -----> Indicate the protocol, source port, destination port and packet length
#dhcp: message-type: request
hardware type: 1, len: 6
hops: 0
transaction id: 9d488825
seconds elapsed: 0
boot flags: 0x0000
client ip: 0.0.0.0, your ip: 0.0.0.0
next server ip: 0.0.0.0, relay agent ip: 0.0.0.0
client mac: 24:77:03:d1:1b:a0
server host name: (null)
boot file name: (null)
magic cookie: 63825363
[ Output truncated for clarity]
0002229484: Received packet from bond0 -----> Bond0 is the wired interface of the IAP
[asap_firewall_forward(2997):firewall entry] len 342, vlan 0, egress CP, ingress bond0:
#mac: etype 0800 smac 00:0b:86:62:35:20 tmac 24:77:03:d1:1b:a0
#ip: sip 10.163.148.2, dip 10.163.148.146, proto 17, fragment ok, last fragment, fragment offset 0 -----> DHCP server IP is 10.163.148.2 and is unicast the offer to the client
#udp: sport 67 dport 68 len 308
#dhcp: message-type: reply
hardware type: 1, len: 6
hops: 0
transaction id: 9d488825
seconds elapsed: 0
boot flags: 0x0000
client ip: 0.0.0.0, your ip: 10.163.148.146
next server ip: 10.163.148.2, relay agent ip: 0.0.0.0
client mac: 24:77:03:d1:1b:a0
server host name: (null)
boot file name: (null)
magic cookie: 63825363
[asap_firewall_forward(4876):forwarding packet to aruba002] len 342, vlan 1, egress aruba002, ingress aruba002: ----->aruba002 is the wireless interface.
#mac: etype 0800 smac 00:0b:86:62:35:20 tmac 24:77:03:d1:1b:a0
#ip: sip 10.163.148.2, dip 10.163.148.146, proto 17, fragment ok, last fragment, fragment offset 0
#udp: sport 67 dport 68 len 308
#dhcp: message-type: reply
hardware type: 1, len: 6
hops: 0
transaction id: 9d488825
seconds elapsed: 0
boot flags: 0x0000
client ip: 0.0.0.0, your ip: 10.163.148.146
next server ip: 10.163.148.2, relay agent ip: 0.0.0.0
client mac: 24:77:03:d1:1b:a0
server host name: (null)
boot file name: (null)
magic cookie: 63825363