Remotely Monitoring Traffic
639
Best Practices for
Remote Traffic
Monitoring
Do not specify an observer that is associated with the MAP where the
snoop filter is running. This configuration causes an endless cycle of
snoop traffic.
If the snoop filter is running on a Distributed MAP, and the MAP used
a DHCP server in its local subnet to configure its IP information, and
the MAP did not receive a default router (gateway) address as a result,
the observer must also be in the same subnet. Without a default
router (gateway), the MAP cannot find the observer.
The MAP that is running a snoop filter forwards snooped packets
directly to the observer. This is a one-way communication, from the
MAP to the observer. If the observer is not present, the MAP still sends
the snoop packets, which use bandwidth. If the observer is present
but is not listening to TZSP traffic, the observer continuously sends
ICMP error indications back to the MAP. These ICMP messages can
affect network and MAP performance.
To inform you of this condition, MSS generates a log message such as the
following the first time an ICMP error message is received following the
start of a snoop filter:
MAP Mar 25 13:15:21.681369 ERROR DAP 3 ap_network: Observer
10.10.101.2 is not accepting TZSP packets
To prevent ICMP error messages from the observer, 3Com recommends
using the Netcat application on the observer to listen to UDP packets on
the TZSP port.
Configuring a Snoop
Filter
To configure a snoop filter, use the following command:
set
snoop
filter-name
[
condition-list
] [
observer
ip-addr
]
[
snap-length
num
]
The
filter-name
can be up to 15 alphanumeric characters.
The
condition-list
specifies the match criteria for packets. Conditions in
the list are ANDed. Therefore, to be copied and sent to an observer, a
packet must match all criteria in the
condition-list
. You can specify up to
eight of the following conditions in a filter, in any order or combination:
frame-type
{
eq
|
neq
} {
beacon
|
control
|
data
|
management
|
probe
}
channel
{
eq
|
neq
}
channel
bssid
{
eq
|
neq
}
bssid
Summary of Contents for 3CRWX120695A
Page 138: ...138 CHAPTER 6 CONFIGURING AND MANAGING IP INTERFACES AND SERVICES ...
Page 272: ...272 CHAPTER 11 CONFIGURING RF LOAD BALANCING FOR MAPS ...
Page 310: ...310 CHAPTER 13 CONFIGURING USER ENCRYPTION ...
Page 322: ...322 CHAPTER 14 CONFIGURING RF AUTO TUNING ...
Page 350: ...350 CHAPTER 16 CONFIGURING QUALITY OF SERVICE ...
Page 368: ...368 CHAPTER 17 CONFIGURING AND MANAGING SPANNING TREE PROTOCOL ...
Page 412: ...412 CHAPTER 19 CONFIGURING AND MANAGING SECURITY ACLS ...
Page 518: ...518 CHAPTER 21 CONFIGURING AAA FOR NETWORK USERS ...
Page 530: ...530 CHAPTER 22 CONFIGURING COMMUNICATION WITH RADIUS ...
Page 542: ...542 CHAPTER 23 MANAGING 802 1X ON THE WX SWITCH ...
Page 598: ...598 CHAPTER 26 ROGUE DETECTION AND COUNTERMEASURES ...
Page 706: ...706 GLOSSARY ...