Wireless Access

Occasional Contributor II

RAP AP traffic information

Hello all,


The link used to connect RAP with the master controller is a very high level of traffic.


I need to find source and destination of traffic and also the ports that are being used.


My firewall is not able to identify this traffic because it is encrypted inside the VPN tunnel.


Anyone know any command can show me this information?


RAPs are in bridge mode. 




Thiago Araujo

Guru Elite

Re: RAP AP traffic information

Are you sure that you ONLY have a bridged SSID connected?


What version of code is this?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: RAP AP traffic information

Sorry, i have one SSID in split-tunnel too.



Re: RAP AP traffic information

I would start with a putty session to the controller and issue


#1  -    'show user | include Ap-NAME',   where AP-NAME == the RAP in question.


#2 -  Once you have the # of unique users on that AP.  Find the ones using split tunnel and issue this command:  

'show datapath session table | include x.x.x.x'    where x.x.x.x == IP address of each unique user.  


The output of these commands will give you the user count,  the destination IP, source port, and the destination port of the traffic being observed by the controller.


Let us know how you make out



Occasional Contributor II

Re: RAP AP traffic information

Thanks, the command works fine. 


The greater use of the link is taking place on port 4500 udp, according to the report of my firewall.


This port is used only for NAT-T in RAP deployments?


This traffic could consume 90% of my link?


Re: RAP AP traffic information

NAT-T encapsulates all the mgmt and some of the user traffic in your deployment.


The commands I provided will give you visibility into the user traffic and then enable you to understand what proportion they are consuming in your environment.

What did you see in terms of the user generated traffic (vs. the other/remainder traffic...which is mgmt related)

Search Airheads
Showing results for 
Search instead for 
Did you mean: