User's Manual
Table Of Contents
- Contents
- 1 Deploying the M220
- 2 Using Quick setup
- 3 Managing the M220
- 4 Working with wireless communities and authentication
- 5 Wireless configuration
- 6 Creating WDS links
- 7 Configuring Ethernet, IP, and VLAN settings
- 8 Clustering multiple M220s
- 9 Maintenance
- 10 Tools
- 11 Support and other resources
100 Tools
Performance and security considerations
In remote packet trace mode, traffic is sent to the PC running Wireshark via one of the network
interfaces. Depending on where the Wireshark tool is located, the traffic can be sent on an
Ethernet interface or one of the radios. To avoid a traffic flood caused by tracing the trace
packets, the M220 automatically installs a trace filter to filter out all packets destined to the
Wireshark application. For example, if the Wireshark IP port is configured to be 58000, then
the following trace filter is automatically installed on the M220:
not portrange 58000-58004
Enabling the packet trace feature impacts M220 performance and can create a security issue
(unauthorized clients may be able to connect to the AP and trace user data). The M220
performance is negatively impacted even if there is no active Wireshark session with the AP.
The performance is negatively impacted to a greater extent when packet trace is in progress.
Due to performance and security issues, the packet trace mode is not saved in nonvolatile
memory on the M220. If the M220 resets, the trace mode is disabled and you must re-enable
it to resume capturing traffic. Packet trace parameters (other than mode) are saved in
nonvolatile memory.
To minimize any performance impact on the M220 while traffic trace is in progress, you should
install trace filters to limit which traffic is sent to the Wireshark tool. When capturing 802.11
traffic, a large portion of the captured frames tend to be beacons (typically sent every 100 ms
by all APs). Although Wireshark supports a display filter for beacon frames, it does not support
a trace filter to prevent the M220 from forwarding captured beacon packets to the Wireshark
tool. To reduce the performance impact of capturing the 802.11 beacons, you can disable the
trace beacons mode.
The remote packet trace facility is a standard feature of the Wireshark tool for Windows.
Note Remote packet trace is not standard on the Linux version of Wireshark. The Linux version does
not work with the AP.
Wireshark is an open source tool and is available for free. It can be downloaded from
www.wireshark.org.
Performing a remote packet trace
To perform a remote packet trace.
1. Set up the Wireshark session as described in Setting up Wireshark sessions on page 99.
2. On the M220 management tool, select Tools > Network trace.
3. In the Remote packet trace section, specify the Remote trace port. Specify the remote
port to use as the destination for packet captures. The range is 1 to 65530 and the default
port is 2002. If you change this value, you must select Save prior to starting the remote
trace.