395
DWS-1008 User’s Manual
D-Link Systems, Inc.
Appendix A - Troubleshooting
To match on both send and receive traffic for a host address, use the
host-mac
option. To
match on a traffic flow (source and destination MAC addresses), use the
mac-pair
option.
This option matches for either direction of a flow, and either MAC address can be the source
or destination address.
If you omit a condition, all packets match that condition. For example, if you omit
frame-type
,
all frame types match the filter.
For most conditions, you can use
eq
(equal) to match only on traffic that matches the condition
value. Use
neq
(not equal) to match only on traffic that is not equal to the condition value.
The
observer
ip-addr
option specifies the IP address of the station where the protocol
analyzer is located. If you do not specify an observer, the AP radio still counts the packets
that match the filter.
The
snap-length
num
option specifies the maximum number of bytes to capture. If you do
not specify a length, the entire packet is copied and sent to the observer. D-link recommends
specifying a snap length of 100 bytes or less.
The following command configures a snoop filter named
snoop1
that matches on all traffic,
and copies the traffic to the device that has IP address 10.10.30.2:
DWS-1008#
set snoop snoop1 observer 10.10.30.2 snap-length 100
The following command configures a snoop filter named
snoop2
that matches on all data traffic
between the device with MAC address aa:bb:cc:dd:ee:ff and the device with MAC address
11:22:33:44:55:66, and copies the traffic to the device that has IP address 10.10.30.3:
DWS-1008#
set snoop snoop2 frame-type eq data mac-pair aa:bb:cc:dd:ee:ff
11:22:33:44:55:66 observer 10.10.30.3 snap-length 100
Displaying Configured Snoop Filters
To display the snoop filters configured on the switch, use the following command:
show
snoop
info
[
filter-name
]
The following command shows the snoop filters configured in the examples above:
DWS-1008#
show snoop info
snoop1:
observer 10.10.30.2 snap-length 100
all packets
snoop2:
observer 10.10.30.3 snap-length 100
frame-type eq data
mac-pair (aa:bb:cc:dd:ee:ff, 11:22:33:44:55:66)
Editing a Snoop Filter
To edit a snoop filter, you can use the
show configuration area snoop
command to display
the filter’s configuration command, then use cut-and-paste to reconstruct the command.