Reset Search
 

 

Article

How to perform a frame filter

« Go Back

Information

 
TitleHow to perform a frame filter
Symptoms
Goal: track the flow of client traffic through aerohive devices.
Environment
Hardware: Any Hive OS device
Software: a program capable of accessing the CLI of a Hive OS device through SSH, telnet, or serial connection such as putty, terminal, or teraterm
Cause
Resolution
  1. Establish a CLI session with the AP using an SSH or a console port connection.
  2. Run the command "_kdebug fe basic"
    1. you can use things other than "basic" for more information such as "detail".  Put a ? in place of basic for a full list
  3. Then run one of these commands
    1. if the client has an IP use "_ff src-ip (clients IP) bi"
    2. if the client has no IP use "_ff src-mac (clients mac) bi"
    3. if you are specifically trying to track DHCP packets use "_ff dhcp (client mac)"
      1. You can also track by destination rather than source on the first two by changing "src" to "dst".
      2. if you only want to see the traffic going one way remove the "bi" from the command
  4. Once that is running have the client attempt to pass some traffic, the command is not retroactive
  5. Use the command "show log buff | include debug" to see the logs
  6. The logs should look something like this " (o) eth0  10.65.16.240->8.8.8.8(27156) ttl(255) icmp-echo-req(1/32349) 74 bytes"
  7. The "(o) eth0" mean this packet is being sent out the eth0 port.  It could also show (i) for incoming traffic or (!) for dropped traffic
    1. Dropped traffic is not always bad, if a broadcast comes in on wifi1.1 it would be forwarded out all interfaces but dropped on wifi1.1 as it already came in on wifi1.1
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255