AP Packet Capture

Introduction to AP Client Packet Capture

The AP Client Packet Capture feature allows the packets on an AP to be captured for wireless client troubleshooting. The packet capture operation is performed on the AP by the radio drivers on the current channel on which it is operational, based on the specified packet capture filter. All the packets that are captured for a specific client are uploaded to a file in the FTP server. This file can be opened in Wireshark for packet inspection.

Limitations for AP Client Packet Capture

  • The packet capture task can be performed for only one client at a time per site.

  • Packet capture can be started on a specific AP or a set of APs using static mode. It can be started or stopped for the same client on different APs, when the capture is in progress.

    When packet capture is started in auto mode, system automatically selects the set of nearby APs to start packet capture for a specific client. In this mode, you cannot start or stop packet capture on individual APs. Use the stop all command to stop the packet capture when it is started in auto-mode.

  • After the SSO is complete, the packet capture action will not continue after a switchover.

Enabling Packet Capture (GUI)

Procedure


Step 1

Choose Troubleshooting > AP Packet Capture.

Step 2

On the Troubleshooting page, in the Start Packet Capture section, in the Client MAC Address field, enter the client's MAC address.

Step 3

From the Capture Mode options, choose Auto.

Step 4

Click Start.


Enabling Packet Capture (CLI)

Follow the procedure given below to enable packet capture:

Procedure

  Command or Action Purpose

Step 1

enable

Example:

Device# enable 

Enters privileged EXEC mode.

Step 2

ap packet-capture start client-mac-address auto

Example:

Device# ap packet-capture start 0011.0011.0011 auto 

Enables packet capture for the specified client on a set of nearby access points.

Create AP Packet Capture Profile and Map to an AP Join Profile (GUI)

Procedure


Step 1

Click Configuration > Tags & Profiles > AP Join Profile.

Step 2

Click Add to create a new AP Join Profile and enter the requisite details.

Step 3

In the Add AP Join Profile area, click AP > Packet Capture.

Step 4

Click the Plus icon to create a new Packet Capture profile or select one from the drop-down menu.

Step 5

Click Save.


Create AP Packet Capture Profile and Map to an AP Join Profile

While packet capture profile configurations are used for an AP, the packet capture profile is mapped to an AP profile. The AP profile is in turn mapped to site tag.

While starting packet capture, APs use the packet capture profile configurations based on the site and AP join profile they belong to.

Follow the procedure given below to create an AP packet capture profile and map it to an AP join profile:

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode..

Step 2

wireless profile ap packet-capture packet-capture-profile-name

Example:

Device(config)# wireless profile ap packet-capture test1

Configures an AP profile.

Step 3

ap profile profile-name

Example:

Device(config)# ap profile default-ap-profile

Configures an AP packet capture profile.

Step 4

packet-capture profile-name

Example:

Device(config-ap-profile)# packet-capture capture-test

Enables packet capture on the AP profile.

Step 5

end

Example:

Device(config-ap-profile)# end

Exits the AP profile configuration mode.

Step 6

show wireless profile ap packet-capture detailed profile-name

Example:

Device# show wireless profile ap packet-capture detailed test1

Displays detailed information of the selected AP packet capture profile.

Start or Stop Packet Capture

Perform either of these tasks to start or stop a packet capture procedure.

Procedure

  Command or Action Purpose

Step 1

ap packet-capture start client-mac-address { auto | static ap-name }

Example:

Device# ap packet-capture start 0011.0011.0011 auto

Enables packet capture for a client.

Step 2

ap packet-capture stop client-mac-address { all | static ap-name }

Example:

Device# ap packet-capture stop 0011.0011.0011 all

Disables packet capture for a client.