01-06-2021 05:55 AM - edited 07-05-2021 12:58 PM
Hi guys, trying AP packet capture on the 9800 controller for the first time.
Does it work with AP's in flex mode?
I'm trying to start a AP packet capture on AP's running in flex mode, but getting a error: Error in Configuring Access point is not capable of packet capture. The AP is a 9120i. I've configured a capture profile in the AP join profile (the client I'm trying to packet capture is associated to a AP with the correct AP join profile)
Solved! Go to Solution.
01-06-2021 09:54 AM
>...
Feature is only available for IOS APs (Like AP 3702).
>...
M.
01-06-2021 06:29 PM
All 802.11ac Wave 2 APs (1800/2800/3800/4800) & 802.11ax APs (CAT91xx series) are COS based APs. All other APs are IOS based APs ( 17xx/27xx/37xx/16xx/26xx/36xx)
HTH
Rasika
01-06-2021 09:54 AM
>...
Feature is only available for IOS APs (Like AP 3702).
>...
M.
01-06-2021 11:20 AM
Thank you.
I thought the 9120 would go under that category, as it runs IOS ® XE. How can I check which AP's are IOS AP's?
01-06-2021 06:29 PM
All 802.11ac Wave 2 APs (1800/2800/3800/4800) & 802.11ax APs (CAT91xx series) are COS based APs. All other APs are IOS based APs ( 17xx/27xx/37xx/16xx/26xx/36xx)
HTH
Rasika
01-06-2021 11:26 PM
Interesting, thank you.
Do I need to remember which AP's are IOS and which are COS or is there any way I can check it on a specific AP (through CLI og product-sheet)?
06-04-2021 02:17 AM
Hi @marce1000 and @Rasika Nayanajith
Do you guys know if this should work for FlexConnect scenarios too?
I have a customer who has a 9800-CL setup and 3802I APs. All of the APs are in FlexConnect mode.
I setup the packet capture profile and tied it to the AP Join Profile etc. All seems good. But always the same error as shown below (same error in GUI). I even rebooted the WLC and the APs by upgrading from 16.12 to 17.3.3 - but new code and complete reboot didn't improve matters
WLC01#ap packet-capture start 084f.f923.17f4 static AP-A4 % Error: Access point is not capable of packet capture
I have been told that this doesn't work via the CLI nor via the GUI and that it should be done by DNAC. We have DNAC but the 9800 is not yet integrated. I feel though that this feature should work via CLI or WLC GUI.
I tested the FTP from the WLC using a "copy" command to copy a bootflash file to the ftp server. That works.
I followed the exact steps as per the Cisco document. And the profile below is assigned to the AP's join profile. What else could be the problem? The document doesn't say anything about FlexConnect though. And there is a screenshot in that link that puts the AP in "Local" mode ... hence my suspicion that this DOESN'T work in Flex mode:
WLC01#show wireless profile ap packet-capture detailed PC Profile Name : PC Description : --------------------------------------------------- Buffer Size : 2048 KB Capture Duration : 10 Minutes Truncate Length : packet length FTP Server IP : 10.10.50.245 FTP path : / FTP Username : arne Packet Classifiers 802.11 Control : Enabled 802.11 Mgmt : Enabled 802.11 Data : Enabled Dot1x : Enabled ARP : Enabled IAPP : Enabled IP : Enabled TCP : Enabled TCP port : all UDP : Disabled UDP port : all Broadcast : Enabled Multicast : Disabled
06-04-2021 02:36 AM
- If we talk about lan-traffic, for the flexconnected-ap , perhaps the workaround in this bug report can help :
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCua30072
M.
06-04-2021 02:45 AM
Hi Marce
I don't mean "lan traffic" - I am talking about the promise of being able to capture wireless client traffic from a wireless access point. That is what this feature is for? I don't keep up with every TAC Time Wireless call and perhaps this has been mentioned before as not working - I won't know - hence my question here.
The bug you listed is from 2017 and relates to AireOS (7.x).
I find it astounding that we can configure this feature and then get such a useless error message. People who write this software clearly have no understanding of how these products are used in the field by telling me "Access point is not capable of packet capture" - which means nothing to me. How about telling me what to do next? A colleague saw the same message on a brand new 9130 AP. And then proceeded to be able to do the packet capture via DNAC.
My customer was on IOS-XE 16.12.3 and it didn't work. Then we upgraded to 17.3.3 and still doesn't work.
Perhaps it only works via DNAC - which would be sad.
06-04-2021 02:48 AM
>I don't mean "lan traffic"
I know , I mean the ability to see (included) wireless traffic, when the flexconnect-ap is sending traffic 'locally'
M.
06-04-2021 03:13 AM
Hi Arne,
AP Packet capture feature is for "AireOS" based APs and not supported on "COS AP". Therefore x800 series AP you cannot use it.
If you have Cisco DNAC, then it got an "Intelligent Packet Capture" option where you can do packet capture (full data packet capture or management packet captures). Since packets are captured at the AP level they directly feed into DNAC, so you can get visibility irrespective of the local mode or FlexConnect mode. This document is useful to check which software versions it supports
Full data packet capture only supported in 9130 and 4802 AP models. In this method, You have the advantage of getting a fully decrypted view of 802.1X traffic. It requires IOS-XE 17.3.x code for 9800 and AireOS 8.10.x .
Refer below for software compatibility for DNAC iPCAP features.
HTH
Rasika
*** Pls rate all useful responses ***
06-04-2021 05:01 AM
Thanks mate. At least I know where to refer to. Seriously though, how hard can it be to capture the client data to a buffer? I am not asking for a sniffer. I just want the client data.
06-04-2021 03:26 AM
Hi Arne,
As a sidenote I learned that Cisco is going to remove this feature starting from version 17.4 because "it refers to older radio tracing feature of IOS AP's, not the way forward".
Best to do is AP in sniffer mode or run it via intelligent capture on DNAC (only supported on 9130 and 4800 APs)
06-29-2021 06:14 AM
I don't understand why this feature is not supported on current APs 2800/3800/91xx. Probably nearly no one is using IOS-XE with legacy AireOS APs only.
Even if we use the "detour" via DNA-C also only very limited number of APs is supported. Only 9130, but not 9120, 9115.
Why isn't it possible with latest IOS-XE and latest 91xx APs to simply capture WiFi Traffic? Other vendors do support this feature since ages.
08-30-2022 04:50 AM
Hello,
I also tried to do the packet capture on a 9800 WLC running 17.3.5a, and got the same error message "Access point is not capable of packet capture". The client MAC address I specified was associated with a 3802 AP, which, based on the link mentioned in the solution, is not able to do the packet capture.
I checked the 17.3 configuration guides, and they don't specify a limitation on specific AP models/types. Checking the 17.6 configuration guide, it shows the same information as the 17.3 guide, and shows how to configure a feature that - based on what was said in the solution - will only work on IOS APs, but IOS APs do not support 17.6... How does that make sense?
How can we perform a packet capture on a 9800 WLC that has 2800/3800 or 9100 series APs if we do not have a DNAC?
Link to 17.3 configuration guide section on AP Packet Capture
Link to 17.6 configuration guide section on AP Packet Capture
Thanks,
Luke
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide