Thank you.

I thought the 9120 would go under that category, as it runs IOS ® XE. How can I check which AP's are IOS AP's? 

Interesting, thank you.

Do I need to remember which AP's are IOS and which are COS or is there any way I can check it on a specific AP (through CLI og product-sheet)?

Hi @marce1000 and @Rasika Nayanajith 

Do you guys know if this should work for FlexConnect scenarios too?

I have a customer who has a 9800-CL setup and 3802I APs. All of the APs are in FlexConnect mode.

I setup the packet capture profile and tied it to the AP Join Profile etc. All seems good. But always the same error as shown below (same error in GUI). I even rebooted the WLC and the APs by upgrading from 16.12 to 17.3.3 - but new code and complete reboot didn't improve matters 

WLC01#ap packet-capture start 084f.f923.17f4 static AP-A4
% Error: Access point is not capable of packet capture

I have been told that this doesn't work via the CLI nor via the GUI and that it should be done by DNAC. We have DNAC but the 9800 is not yet integrated. I feel though that this feature should work via CLI or WLC GUI.

I tested the FTP from the WLC using a "copy" command to copy a bootflash file to the ftp server. That works.

I followed the exact steps as per the Cisco document. And the profile below is assigned to the AP's join profile. What else could be the problem? The document doesn't say anything about FlexConnect though. And there is a screenshot in that link that puts the AP in "Local" mode ... hence my suspicion that this DOESN'T work in Flex mode:

WLC01#show wireless profile ap packet-capture detailed PC

Profile Name : PC
Description  :
---------------------------------------------------
Buffer Size       : 2048 KB
Capture Duration  : 10 Minutes
Truncate Length   : packet length
FTP Server IP     : 10.10.50.245
FTP path          : /
FTP Username      : arne

Packet Classifiers
  802.11 Control  : Enabled
  802.11 Mgmt     : Enabled
  802.11 Data     : Enabled
  Dot1x           : Enabled
  ARP             : Enabled
  IAPP            : Enabled
  IP              : Enabled
  TCP             : Enabled
  TCP port        : all
  UDP             : Disabled
  UDP port        : all
  Broadcast       : Enabled
  Multicast       : Disabled

 - If we talk about lan-traffic, for the flexconnected-ap  , perhaps the workaround in this bug report can help :

                       https://bst.cloudapps.cisco.com/bugsearch/bug/CSCua30072

 M.

Hi Marce

I don't mean "lan traffic" - I am talking about the promise of being able to capture wireless client traffic from a wireless access point. That is what this feature is for? I don't keep up with every TAC Time Wireless call and perhaps this has been mentioned before as not working - I won't know - hence my question here.

The bug you listed is from 2017 and relates to AireOS (7.x).

I find it astounding that we can configure this feature and then get such a useless error message. People who write this software clearly have no understanding of how these products are used in the field by telling me "Access point is not capable of packet capture" - which means nothing to me. How about telling me what to do next? A colleague saw the same message on a brand new 9130 AP. And then proceeded to be able to do the packet capture via DNAC. 

My customer was on IOS-XE 16.12.3 and it didn't work. Then we upgraded to 17.3.3 and still doesn't work. 

Perhaps it only works via DNAC - which would be sad.

                                                >I don't mean "lan traffic"

  I know , I mean the ability to see (included) wireless traffic, when the flexconnect-ap is sending traffic 'locally'

 M.

Hi Arne,

AP Packet capture feature is for "AireOS" based APs and not supported on "COS AP". Therefore x800 series AP you cannot use it.

If you have Cisco DNAC, then it got an "Intelligent Packet Capture" option where you can do packet capture (full data packet capture or management packet captures). Since packets are captured at the AP level they directly feed into DNAC, so you can get visibility irrespective of the local mode or FlexConnect mode. This document is useful to check which software versions it supports

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/guide-c07-744044.html 

Full data packet capture only supported in 9130 and 4802 AP models. In this method, You have the advantage of getting a fully decrypted view of 802.1X traffic. It requires IOS-XE 17.3.x code for 9800 and AireOS 8.10.x .

Refer below for software compatibility for DNAC iPCAP features.

HTH

Rasika

*** Pls rate all useful responses ***

Thanks mate. At least I know where to refer to. Seriously though, how hard can it be to capture the client data to a buffer? I am not asking for a sniffer. I just want the client data.  

Hi Arne,

As a sidenote I learned that Cisco is going to remove this feature starting from version 17.4 because "it refers to older radio tracing feature of IOS AP's, not the way forward".  

Best to do is AP in sniffer mode or run it via intelligent capture on DNAC (only supported on 9130 and 4800 APs)