疑難排解 COS AP
目錄
簡介
本文檔介紹運行COS作業系統的AP(獵豹OS、點選作業系統、簡單的Cisco AP作業系統)可用的部分故障排除工具。
必要條件
需求
本文件沒有特定需求。
採用元件
本文檔重點介紹COS AP,如2800、3800、1560和4800系列的AP型號,以及新的11ax AP Catalyst 91xx。
本文檔重點介紹AireOS 8.8及更高版本中提供的許多功能。以及Cisco IOS® XE 16.12.2s及更高版本。
對於先前版本中某些功能的可用性,可能會有一些註釋。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
擷取封包追蹤(監聽器追蹤)
AP連線埠上的有線PCAP
可以在AP乙太網埠上配置pcap。您可以在CLI上顯示即時結果(僅包含彙總的資料包詳細資訊),或者將其儲存為AP快閃記憶體中的完整pcap。
有線pcap會擷取乙太網路端的所有內容(包括Rx/Tx),而AP內的分流點會在封包接通之前立即開啟。
但是,它僅捕獲AP CPU平面流量,這意味著進出該AP的流量(AP DHCP、AP capwap控制隧道……),且不顯示客戶端流量。
請注意,大小非常有限(最大大小限制為5MB),因此可能需要配置過濾器以僅捕獲您感興趣的流量。
在嘗試複製流量捕獲之前,請確保使用「no debug traffic wired ip capture」或只使用「undebug all」來停止流量捕獲(否則複製不會以仍寫入的資料包結束)。
程式
步驟 1.啟動pcap;使用「debug traffic wired ip capture」選擇流量型別:
AP70DB.98E1.3DEC#debug traffic wired ip capture
% Writing packets to "/tmp/pcap/AP70DB.98E1.3DEC_capture.pcap0"
AP70DB.98E1.3DEC#reading from file /dev/click_wired_log, link-type EN10MB (Ethernet)
步驟 2.等待流量流動,然後使用「no debug traffic wired ip capture」命令或簡單的「undebug all」命令停止捕獲:
AP70DB.98E1.3DEC#no debug traffic wired ip capture
步驟 3.將檔案複製到tftp/scp伺服器:
AP70DB.98E1.3DEC#copy pcap AP70DB.98E1.3DEC_capture.pcap0 tftp 192.168.1.100
###################################################################################################################################################################### 100.0%
AP70DB.98E1.3DEC#
步驟 4.現在您可以在wireshark中打開該檔案。 檔案為pcap0。更改為pcap,使其自動與wireshark關聯。
命令選項
debug traffic wired命令有幾個選項可以幫助您捕獲特定流量:
APC4F7.D54C.E77C#debug traffic wired
<0-3> wired debug interface number
filter filter packets with tcpdump filter string
ip Enable wired ip traffic dump
tcp Enable wired tcp traffic dump
udp Enable wired udp traffic dum
您可以在debug命令的末尾增加「verbose」,以檢視資料包的十六進位制轉儲。請注意,如果您的過濾器不夠窄,這可能會很快淹沒CLI會話。
使用過濾器實現有線PCAP
過濾器格式與tcpdump捕獲過濾器格式相對應。
| 過濾器示例 |
說明 |
|
| 主機 |
「主機192.168.2.5」 |
這樣會過濾資料包捕獲,只收集到達或來自主機192.168.2.5的資料包。 |
| 「src host 192.168.2.5」 |
這樣會過濾資料包捕獲,只收集來自192.168.2.5的資料包。 |
|
| 「dst host 192.168.2.5」 |
這樣會過濾資料包捕獲,只收集指向192.168.2.5的資料包。 |
|
| 連接埠 |
「埠443」 |
這會過濾資料包捕獲,使其僅收集源或目的地為埠443的資料包。 |
| "src埠1055" |
這會擷取源自連線埠1055的流量。 |
|
| 「dst埠443」 |
這會擷取目的地為連線埠443的流量。 |
以下是一個示例,其中輸出顯示在控制檯上,但也經過過濾以僅檢視CAPWAP資料包:
APC4F7.D54C.E77C#debug traffic wired filter "port 5246"
APC4F7.D54C.E77C#reading from file /dev/click_wired_log, link-type EN10MB (Ethernet)
12:20:50.483125 IP APC4F7-D54C-E77C.lan.5264 > 192.168.1.15.5246: UDP, length 81
12:20:50.484361 IP 192.168.1.15.5246 > APC4F7-D54C-E77C.lan.5264: UDP, length 97
APC4F7.D54C.E77C#no debug traffic wired filter "port 5246"
APC4F7.D54C.E77C#Killed
APC4F7.D54C.E77C#
檔案的輸出範例:
APC4F7.D54C.E77C#debug traffic wired filter "port 5246" capture
% Writing packets to "/tmp/pcap/APC4F7.D54C.E77C_capture.pcap0"
APC4F7.D54C.E77C#reading from file /dev/click_wired_log, link-type EN10MB (Ethernet)
APC4F7.D54C.E77C#no debug traffic wired filter "port 5246" capture
APC4F7.D54C.E77C#copy pcap APC4F7.D54C.E77C_capture.pcap0 tftp 192.168.1.100
###################################################################################################################################################################### 100.0%
APC4F7.D54C.E77C#
在wireshark上打開捕獲:
無線電捕獲
可以在無線電的控制平面上捕獲資料包。由於效能影響,無法在無線電資料平面上擷取。
這意味著客戶端關聯流(探測、身份驗證、關聯、eap、arp、dhcp資料包以及ipv6控制資料包、icmp和ndp)可見,但客戶端在進入連線狀態後傳遞的資料不可見。
程式
步驟 1.增加跟蹤的客戶端mac地址。可以增加多個MAC地址。也可以為所有客戶端運行該命令,但不建議這樣做。
config ap client-trace address add < client-mac> --- Per client debugging. Allows multiple macs.
config ap client-trace all-clients <enable | disable> -- All clients debugging. Not recommended.
步驟 2.設定過濾器以僅記錄特定協定或所有支援的協定:
config ap client-trace filter <all|arp|assoc|auth|dhcp|eap|icmp|ipv6|ndp|probe> <enable|disable>
步驟 3.選擇在主控台上顯示輸出(非同步):
configure ap client-trace output console-log enable
步驟 4.開始追蹤。
config ap client-trace start
範例:
AP0CD0.F894.46E4#show dot11 clients
Total dot11 clients: 1
Client MAC Slot ID WLAN ID AID WLAN Name RSSI Maxrate WGB
A8:DB:03:08:4C:4A 0 1 1 testewlcwlan -41 MCS92SS No
AP0CD0.F894.46E4#config ap client-trace address add A8:DB:03:08:4C:4A
AP0CD0.F894.46E4#config ap client-trace filter
all Trace ALL filters
arp Trace arp Packets
assoc Trace assoc Packets
auth Trace auth Packets
dhcp Trace dhcp Packets
eap Trace eap Packets
icmp Trace icmp Packets
ipv6 Trace IPv6 Packets
ndp Trace ndp Packets
probe Trace probe Packets
AP0CD0.F894.46E4#config ap client-trace filter all enable
AP0CD0.F894.46E4#configure ap client-trace output console-log enable
AP0CD0.F894.46E4#configure ap client-trace start
AP0CD0.F894.46E4#term mon
停止擷取:
configure ap client-trace stop
configure ap client-trace clear
configure ap client-trace address clear
驗證
驗證客戶端跟蹤:
AP70DB.98E1.3DEC#show ap client-trace status
Client Trace Status : Started
Client Trace ALL Clients : disable
Client Trace Address : a8:db:03:08:4c:4a
Remote/Dump Client Trace Address : a8:db:03:08:4c:4a
Client Trace Filter : probe
Client Trace Filter : auth
Client Trace Filter : assoc
Client Trace Filter : eap
Client Trace Filter : dhcp
Client Trace Filter : dhcpv6
Client Trace Filter : icmp
Client Trace Filter : icmpv6
Client Trace Filter : ndp
Client Trace Filter : arp
Client Trace Output : eventbuf
Client Trace Output : console-log
Client Trace Output : dump
Client Trace Output : remote
Remote trace IP : 192.168.1.100
Remote trace dest port : 5688
NOTE - Only VIP packets are seen on remote if VIP is enabled
Dump packet length : 10
Client Trace Inline Monitor : disable
Client Trace Inline Monitor pkt-attach : disable
成功的客戶端連線示例:
括弧中的字母可幫助您瞭解看到幀的位置(E表示乙太網,W表示無線,C表示在AP內部的Click模組)和方向(上載或下載)。
以下是這些字母意義的小表:
U -上行鏈路資料包(來自客戶端)
D -下行鏈路資料包(用於點選)
W -模組無線驅動程式
E -模組乙太網驅動程式
C -模組點選
附註: 從17.12.1開始,增加了一個附加字母A,以幫助驗證資料包是否透過空中傳送:
[D:W]部分,用於讓aptrace知道有關透過kclick成功傳遞給驅動程式的mgmt/data pkts
[D:A]部分,用於讓aptrace知道在空中傳送pkt時對應的管理/資料封包傳送完成狀態
其他選項
以非同步方式檢視記錄:
然後可使用命令「show ap client-trace events mac xx:xx:xx:xx:xx:xx:xx」檢視日誌(或將mac替換為「all」)
AP0CD0.F894.46E4#show ap client-trace events mac a8:db:03:08:4c:4a
[*04/06/2020 10:11:54.287675] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v1> [U:W] DOT11_AUTHENTICATION : (.)
[*04/06/2020 10:11:54.288144] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] DOT11_AUTHENTICATION : (.)
[*04/06/2020 10:11:54.289870] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [U:W] DOT11_ASSOC_REQUEST : (.)
[*04/06/2020 10:11:54.317341] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] DOT11_ASSOC_RESPONSE : (.)
[*04/06/2020 10:11:54.341370] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] EAPOL_KEY.M1 : DescType 0x02 KeyInfo 0x008b
[*04/06/2020 10:11:54.374500] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [U:W] EAPOL_KEY.M2 : DescType 0x02 KeyInfo 0x010b
[*04/06/2020 10:11:54.377237] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] EAPOL_KEY.M3 : DescType 0x02 KeyInfo 0x13cb
[*04/06/2020 10:11:54.390255] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [U:W] EAPOL_KEY.M4 : DescType 0x02 KeyInfo 0x030b
[*04/06/2020 10:11:54.396855] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [U:W] DOT11_ACTION : (.)
[*04/06/2020 10:11:54.416650] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] DOT11_ACTION : (.)
[*04/06/2020 10:11:54.469089] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [U:W] DOT11_ACTION : (.)
[*04/06/2020 10:11:54.469157] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] DOT11_ACTION : (.)
[*04/06/2020 10:11:57.921877] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [U:W] DOT11_ACTION : (.)
[*04/06/2020 10:11:57.921942] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] DOT11_ACTION : (.)
[*04/06/2020 10:15:36.123119] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] DOT11_DEAUTHENTICATION : (.)
[*04/06/2020 10:15:36.127731] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr1v0> [D:W] DOT11_DISASSOC : (.)
[*04/06/2020 10:17:24.128751] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [U:W] DOT11_AUTHENTICATION : (.)
[*04/06/2020 10:17:24.128870] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v1> [U:W] DOT11_AUTHENTICATION : (.)
[*04/06/2020 10:17:24.129303] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [D:W] DOT11_AUTHENTICATION : (.)
[*04/06/2020 10:17:24.133026] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [U:W] DOT11_ASSOC_REQUEST : (.)
[*04/06/2020 10:17:24.136095] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [D:W] DOT11_ASSOC_RESPONSE : (.)
[*04/06/2020 10:17:24.138732] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [D:W] EAPOL_KEY.M1 : DescType 0x02 KeyInfo 0x008b
[*04/06/2020 10:17:24.257295] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [U:W] EAPOL_KEY.M2 : DescType 0x02 KeyInfo 0x010b
[*04/06/2020 10:17:24.258105] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [D:W] EAPOL_KEY.M3 : DescType 0x02 KeyInfo 0x13cb
[*04/06/2020 10:17:24.278937] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [U:W] EAPOL_KEY.M4 : DescType 0x02 KeyInfo 0x030b
[*04/06/2020 10:17:24.287459] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [U:W] DOT11_ACTION : (.)
[*04/06/2020 10:17:24.301344] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [D:W] DOT11_ACTION : (.)
[*04/06/2020 10:17:24.327482] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [U:W] DOT11_ACTION : (.)
[*04/06/2020 10:17:24.327517] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [D:W] DOT11_ACTION : (.)
[*04/06/2020 10:17:24.430136] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [U:W] DOT11_ACTION : (.)
[*04/06/2020 10:17:24.430202] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [D:W] DOT11_ACTION : (.)
[*04/06/2020 10:19:08.075326] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [U:W] DOT11_PROBE_REQUEST : (.)
[*04/06/2020 10:19:08.075392] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v0> [D:W] DOT11_PROBE_RESPONSE : (.)
[*04/06/2020 10:19:08.075437] [AP0CD0.F894.46E4] [a8:db:03:08:4c:4a] <apr0v1> [U:W] DOT11_PROBE_REQUEST : (.)
以十六進位制格式轉儲資料包
您可以在CLI中以十六進位制格式轉儲資料包:
configure ap client-trace output dump address add xx:xx:xx:xx:xx:xx
configure ap client-trace output dump enable x -> Enter the packet dump length value
然後,您可以清除十六進位制轉儲並以txt格式儲存並導入到wireshark:
由於輸出可能非常大,並且考慮到輸出僅提及可見的幀型別而不提及任何內部細節,因此將資料包捕獲重定向到運行捕獲應用程式(如wireshark)的筆記型電腦會更加高效。
啟用遠端捕獲功能,以便使用wireshark將資料包傳送到外部裝置:
config ap client-trace output remote enable
該命令表示AP將客戶端跟蹤過濾器捕獲的每個幀轉發到地址為192.168.68.68的筆記型電腦,並在埠5000上使用PEEKREMOTE封裝(就像嗅探器模式下的AP一樣)。
一個限制是,目標筆記型電腦必須與您在其上運行此命令的AP位於同一子網中。您可以更改埠號,以適應網路中任何現有的安全策略。
在運行Wireshark的筆記型電腦上收到所有資料包後,可以按一下右鍵udp 5000報頭並選擇decode as並選擇peekremote,如下圖所示:
此功能的錯誤清單和增強功能:
思科漏洞ID CSCvm09020
8.8上的客戶端跟蹤不再顯示DNS
思科漏洞ID CSCvm09015 客戶端跟蹤顯示許多ICMP_other,序列號為null
思科漏洞ID CSCvm02676 AP COS client-trace不捕獲webauth資料包
思科漏洞ID CSCvm02613 AP COS客戶端跟蹤遠端輸出不起作用
思科漏洞ID CSCvm00855 客戶端跟蹤SEQ編號不一致
從9800 WLC控制AP客戶端跟蹤
您可以配置多個AP來執行無線電客戶端跟蹤,並從
步驟 1.配置定義要捕獲哪些流量的AP跟蹤配置檔案
config term
wireless profile ap trace
filter all no filter probe output console-log
步驟2.將AP跟蹤配置檔案增加到目標的AP使用的AP加入配置檔案。
ap profile < ap join profile name>
trace
確保此AP加入配置檔案應用於目標AP使用的站點標籤
第4步觸發啟動/停止
ap trace client start ap
client all/
ap trace client stop ap
client all/
ap trace client start site
client all/
ap trace client stop site
client all/
驗證命令:
show wireless profile ap trace summary
show wireless profile ap trace detailed PROF_NAME detail
sh ap trace client summary
show ap trace unsupported-ap summaryAP上的客戶端調試捆綁包
如果您正在偵錯一或多個特定使用者端,使用使用者端偵錯套件功能可能比收集無線電偵錯/擷取更容易。
步驟 1.確定要排除故障的客戶端。
9164#show dot11 clients
Total dot11 clients: 6
Client MAC Slot ID WLAN ID AID WLAN Name RSSI Maxrate is_wgb_wired is_
mld_sta
52:1E:34:C9:D6:F3 1 2 35 MySSID -62 M7 No
No
80:A9:97:2C:DC:6E 1 2 34 MySSID -47 MCS112SS No
No
E8:D8:D1:1F:71:F3 0 2 35 MySSID -62 M7 No
No
6A:E4:06:E7:AB:E1 1 2 33 MySSID -44 MCS112SS No
No
00:1D:63:70:AC:23 0 2 33 MySSID -56 M7 No
No
68:72:C3:FD:17:F5 0 2 34 MySSID -53 M15 No
No
步驟 2.為一個或多個客戶端MAC地址啟動調試
9164#debug client-bundle start debug 80:A9:97:2C:DC:6E
WORD
依預設,熒幕上不會列印任何內容。您可以啟用terminal monitor,並檢視正在列印的調試,但請注意,這將使終端非常難以使用。收集捆綁包無需在終端上列印調試。
步驟 3.您必須先停止調試捆綁包,然後才能上載其輸出(請參閱下面的示例):
debug client-bundle start debug 80:A9:97:2C:DC:6E步驟 4.將套件組合上傳到FTP或SCP伺服器(以提醒WLC可以充當SCP伺服器)
9164#debug client-bundle upload tftp 192.168.129.29 80:a9:97:2c:dc:6e
2024-09-04 11:58:48 Creating client bundle, please wait...
2024-09-04 11:59:01 Client bundle file 9164-_client_bundle.17.15.1.6.20240904.115848.tgz created.
2024-09-04 11:59:01 TFTP uploading...
Successful file transfer:
9164_client_bundle.17.15.1.6.20240904.115848.tgz
9164#TGZ套件包含4個檔案:
- 2包含與無線電和客戶端相關的show命令
- 1關於實際調試(如果執行term mon,則會在終端上顯示)
- 1個包含syslog
處於監聽器模式的 Catalyst 91xx AP
新的Catalyst 9115、9117、9120和9130可以在監聽器模式下設定。此過程與以前的AP型號相同。
疑難排解提示
路徑MTU
雖然路徑MTU發現可找到AP的最佳MTU,但可以手動覆蓋此設定。
在AireOS 8.10.130 WLC上,命令config ap pmtu disable <ap/all>會為一個或所有AP設定靜態MTU,而不是依賴動態發現機制。
若要在開機時啟用偵錯
您可以運行config boot debug capwap以在下次引導時啟用capwap、DTLS和DHCP調試,甚至在作業系統引導並顯示提示之前也是如此。
您也可以使用「config boot debug memory xxxx」進行多個記憶體調試。
您可以使用「show boot」來檢視是否已在下次重新啟動時啟用啟動調試。
您可以透過在結尾處新增disable關鍵字(例如「config boot debug capwap disable」)來停用這些功能。
省電機制
透過運行以下命令,可以排除給定客戶端的節能故障
debug client trace <mac address>
客戶端QoS
要驗證QoS標籤是否已應用,您可以運行「debug capwap client qos」。
它顯示無線客戶端的資料包的UP值。
自8.8起,它不可以進行MAC過濾; 增強請求Cisco bug IDCSCvm08899 )。
labAP#debug capwap client qos [*08/20/2018 09:43:36.3171] chatter: set_qos_up :: SetQosPriority: bridged packet dst: 00:AE:FA:78:36:89 UP: 0 [*08/20/2018 09:43:45.0051] chatter: set_qos_up :: SetQosPriority: bridged packet dst: 00:AE:FA:78:36:89 UP: 0 [*08/20/2018 09:43:45.5463] chatter: set_qos_up :: SetQosPriority: bridged packet dst: 00:AE:FA:78:36:89 UP: 0 [*08/20/2018 09:43:46.5687] chatter: set_qos_up :: SetQosPriority: bridged packet dst: AC:81:12:C7:CD:35 UP: 5 [*08/20/2018 09:43:47.0982] chatter: set_qos_up :: SetQosPriority: bridged packet dst: AC:81:12:C7:CD:35 UP: 5
您還可以驗證AP上的Qos UP到DSCP表,以及Qos標籤、整形和丟棄的資料包總數:
LabAP#show dot11 qos Qos Policy Maps (UPSTREAM) no policymap Qos Stats (UPSTREAM) total packets: 0 dropped packets: 0 marked packets: 0 shaped packets: 0 policed packets: 0 copied packets: 0 DSCP TO DOT1P (UPSTREAM) Default dscp2dot1p Table Value: [0]->0 [1]->2 [2]->10 [3]->18 [4]->26 [5]->34 [6]->46 [7]->48 Active dscp2dot1p Table Value: [0]->0 [1]->2 [2]->10 [3]->18 [4]->26 [5]->34 [6]->46 [7]->48 Qos Policy Maps (DOWNSTREAM) no policymap Qos Stats (DOWNSTREAM) total packets: 0 dropped packets: 0 marked packets: 0 shaped packets: 0 policed packets: 0 copied packets: 0 DSCP TO DOT1P (DOWNSTREAM) Default dscp2dot1p Table Value: [0]->0 [1]->-1 [2]->1 [3]->-1 [4]->1 [5]->-1 [6]->1 [7]->-1 [8]->-1 [9]->-1 [10]->2 [11]->-1 [12]->2 [13]->-1 [14]->2 [15]->-1 [16]->-1 [17]->-1 [18]->3 [19]->-1 [20]->3 [21]->-1 [22]->3 [23]->-1 [24]->-1 [25]->-1 [26]->4 [27]->-1 [28]->-1 [29]->-1 [30]->-1 [31]->-1 [32]->-1 [33]->-1 [34]->5 [35]->-1 [36]->-1 [37]->-1 [38]->-1 [39]->-1 [40]->-1 [41]->-1 [42]->-1 [43]->-1 [44]->-1 [45]->-1 [46]->6 [47]->-1 [48]->7 [49]->-1 [50]->-1 [51]->-1 [52]->-1 [53]->-1 [54]->-1 [55]->-1 [56]->7 [57]->-1 [58]->-1 [59]->-1 [60]->-1 [61]->-1 [62]->-1 [63]->-1 Active dscp2dot1p Table Value: [0]->0 [1]->-1 [2]->1 [3]->-1 [4]->1 [5]->-1 [6]->1 [7]->-1 [8]->-1 [9]->-1 [10]->2 [11]->-1 [12]->2 [13]->-1 [14]->2 [15]->-1 [16]->-1 [17]->-1 [18]->3 [19]->-1 [20]->3 [21]->-1 [22]->3 [23]->-1 [24]->-1 [25]->-1 [26]->4 [27]->-1 [28]->-1 [29]->-1 [30]->-1 [31]->-1 [32]->-1 [33]->-1 [34]->5 [35]->-1 [36]->-1 [37]->-1 [38]->-1 [39]->-1 [40]->-1 [41]->-1 [42]->-1 [43]->-1 [44]->-1 [45]->-1 [46]->6 [47]->-1 [48]->7 [49]->-1 [50]->-1 [51]->-1 [52]->-1 [53]->-1 [54]->-1 [55]->-1 [56]->7 [57]->-1 [58]->-1 [59]->-1 [60]->-1 [61]->-1 [62]->-1 [63]->-1 LabAP#
在WLC上定義Qos策略並在Flexconnect AP上下載時,可以使用進行驗證:
AP780C-F085-49E6#show policy-map
2 policymaps
Policy Map BWLimitAAAClients type:qos client:default
Class BWLimitAAAClients_AVC_UI_CLASS
drop
Class BWLimitAAAClients_ADV_UI_CLASS
set dscp af41 (34)
Class class-default
police rate 5000000 bps (625000Bytes/s)
conform-action
exceed-action
Policy Map platinum-up type:qos client:default
Class cm-dscp-set1-for-up-4
set dscp af41 (34)
Class cm-dscp-set2-for-up-4
set dscp af41 (34)
Class cm-dscp-for-up-5
set dscp af41 (34)
Class cm-dscp-for-up-6
set dscp ef (46)
Class cm-dscp-for-up-7
set dscp ef (46)
Class class-default
no actions
在Qos速率限制的情況下:
AP780C-F085-49E6#show rate-limit client
Config:
mac vap rt_rate_out rt_rate_in rt_burst_out rt_burst_in nrt_rate_out nrt_rate_in nrt_burst_out nrt_burst_in
A8:DB:03:6F:7A:46 2 0 0 0 0 0 0 0 0
Statistics:
name up down
Unshaped 0 0
Client RT pass 0 0
Client NRT pass 0 0
Client RT drops 0 0
Client NRT drops 0 38621
9 54922 0
頻道外掃描
除錯AP的通道外掃描在排查欺詐檢測故障時非常有用(用於驗證AP是否以及何時進入特定通道進行掃描),但在未使用「通道外掃描延遲」功能時,在敏感即時流不斷中斷的影片故障排除中也很有用。
debug rrm off-channel defer
debug rrm off-chanel dbg (starting 17.8.1) debug rrm off-channel schedule
debug rrm off-channel voice (starting 17.8.1)
debug rrm schedule (starting 17.8.1, debug NDP packet tx) show trace dot_11 channel enable
[*06/11/2020 09:45:38.9530] wcp/rrm_userspace_0/rrm_schedule :: RRMSchedule process_int_duration_timer_local rrm_is_msmt_schedule_local passive scan on channel 5 bandwidth 20MHz
[*06/11/2020 09:45:39.0550] noise measurement channel 5 noise 89
[*06/11/2020 09:45:43.5490] wcp/rrm_userspace_1/rrm_schedule :: RRMSchedule process_int_duration_timer_local rrm_is_msmt_schedule_local passive scan on channel 140 bandwidth 20MHz
[*06/11/2020 09:45:43.6570] noise measurement channel 140 noise 97
用戶端連線
可以使用最後一個事件時間戳列出已經由存取點取消身份驗證的客戶端:
LabAP#show dot11 clients deauth
timestamp mac vap reason_code
Mon Aug 20 09:50:59 2018 AC:BC:32:A4:2C:D3 9 4
Mon Aug 20 09:52:14 2018 00:AE:FA:78:36:89 9 4
Mon Aug 20 10:31:54 2018 00:AE:FA:78:36:89 9 4
在前面的輸出中,原因代碼是取消身份驗證原因代碼,如以下連結中所述:
Vap是指AP內WLAN的識別符號(與WLC !!!上的WLAN ID不同)。
您可以將其與隨後詳細描述的其他輸出互動關聯,這些輸出總是提及關聯客戶端的vap。
您可以透過「show controllers Dot11Radio 0/1 wlan」檢視VAP id清單。
當客戶端仍然關聯時,您可以獲取有關其連線的詳細資訊:
LabAP#show dot11 clients
Total dot11 clients: 1
Client MAC Slot ID WLAN ID AID WLAN Name RSSI Maxrate WGB
00:AE:FA:78:36:89 1 10 1 TestSSID -25 MCS82SS No
如需有關使用者端專案的更多詳細資訊,請參閱:
LabAP#show client summ
Radio Driver client Summary:
==============================
wifi0
[*08/20/2018 11:54:59.5340]
[*08/20/2018 11:54:59.5340] Total STA List Count 0
[*08/20/2018 11:54:59.5340] | NO| MAC|STATE|
[*08/20/2018 11:54:59.5340] -----------------------------
wifi1
[*08/20/2018 11:54:59.5357]
[*08/20/2018 11:54:59.5357] Total STA List Count 1
[*08/20/2018 11:54:59.5357] | NO| MAC|STATE|
[*08/20/2018 11:54:59.5357] -----------------------------
[*08/20/2018 11:54:59.5357] | 1| 0:ffffffae:fffffffa:78:36:ffffff89| 8|
Radio Driver Client AID List:
==============================
wifi0
[*08/20/2018 11:54:59.5415]
[*08/20/2018 11:54:59.5415] Total STA-ID List Count 0
[*08/20/2018 11:54:59.5415] | NO| MAC|STA-ID|
[*08/20/2018 11:54:59.5415] ------------------------------
wifi1
[*08/20/2018 11:54:59.5431]
[*08/20/2018 11:54:59.5431] Total STA-ID List Count 1
[*08/20/2018 11:54:59.5431] | NO| MAC|STA-ID|
[*08/20/2018 11:54:59.5432] ------------------------------
[*08/20/2018 11:54:59.5432] | 1| 0:ffffffae:fffffffa:78:36:ffffff89| 6|
WCP client Summary:
=====================
mac radio vap aid state encr Maxrate is_wgb_wired wgb_mac_addr
00:AE:FA:78:36:89 1 9 1 FWD AES_CCM128 MCS82SS false 00:00:00:00:00:00
NSS client Summary:
=====================
Current Count: 3
| MAC | OPAQUE |PRI POL|VLAN|BR|TN|QCF|BSS|RADID|MYMAC|
|F8:0B:CB:E4:7F:41|00000000| 3| 0| 1| 1| 0| 2| 3| 1|
|F8:0B:CB:E4:7F:40|00000000| 3| 0| 1| 1| 0| 2| 3| 1|
|00:AE:FA:78:36:89|00000003| 1| 0| 1| 1| 0| 9| 1| 0|
Datapath IPv4 client Summary:
===============================
id vap port node tunnel mac seen_ip hashed_ip sniff_ago confirm_ago
00:AE:FA:78:36:89 9 apr1v9 192.0.2.13 - 00:AE:FA:78:36:89 192.168.68.209 10.228.153.45 5.990000 5.980000
Datapath IPv6 client Summary:
===============================
client mac seen_ip6 age scope port
1 00:AE:FA:78:36:89 fe80::2ae:faff:fe78:3689 61 link-local apr1v9
Wired client Summary:
=======================
mac port state local_client detect_ago associated_ago tx_pkts tx_bytes rx_pkts rx_bytes
您可以使用強制斷開特定客戶端的連線:
test dot11 client deauthenticate 可以使用以下方法為每個客戶端獲取流量計數器:
LabAP#show client statistics wireless 00:AE:FA:78:36:89 Client MAC address: 00:AE:FA:78:36:89 Tx Packets : 621 Tx Management Packets : 6 Tx Control Packets : 153 Tx Data Packets : 462 Tx Data Bytes : 145899 Tx Unicast Data Packets : 600 Rx Packets : 2910 Rx Management Packets : 13 Rx Control Packets : 943 Rx Data Packets : 1954 Rx Data Bytes : 145699 LabAP#
更多有關無線電級別的資訊,可以從show controllers命令獲取很多資訊。當您新增使用者端mac位址時,會顯示支援的資料速率、目前的資料建立、PHY功能以及重試和失敗次數:
LabAP#show controllers dot11Radio 0 client 00:AE:FA:78:36:89
mac radio vap aid state encr Maxrate is_wgb_wired wgb_mac_addr
00:AE:FA:78:36:89 0 9 1 FWD AES_CCM128 M15 false 00:00:00:00:00:00
Configured rates for client 00:AE:FA:78:36:89
Legacy Rates(Mbps): 11
HT Rates(MCS):M0 M1 M2 M3 M4 M5 M6 M7 M8 M9 M10 M11 M12 M13 M14 M15
VHT Rates: 1SS:M0-7 2SS:M0-7
HT:yes VHT:yes HE:no 40MHz:no 80MHz:no 80+80MHz:no 160MHz:no
11w:no MFP:no 11h:no encrypt_polocy: 4
_wmm_enabled:yes qos_capable:yes WME(11e):no WMM_MIXED_MODE:no
short_preamble:yes short_slot_time:no short_hdr:yes SM_dyn:yes
short_GI_20M:yes short_GI_40M:no short_GI_80M:yes LDPC:yes AMSDU:yes AMSDU_long:no
su_mimo_capable:yes mu_mimo_capable:no is_wgb_wired:no is_wgb:no
Additional info for client 00:AE:FA:78:36:89
RSSI: -90
PS : Legacy (Sleeping)
Tx Rate: 0 Kbps
Rx Rate: 117000 Kbps
VHT_TXMAP: 0
CCX Ver: 4
Statistics for client 00:AE:FA:78:36:89
mac intf TxData TxMgmt TxUC TxBytes TxFail TxDcrd TxCumRetries RxData RxMgmt RxBytes RxErr TxRt RxRt idle_counter stats_ago expiration
00:AE:FA:78:36:89 apr0v9 8 1 6 1038 1 0 0 31 1 1599 0 0 117000 290 13.952000 0
Per TID packet statistics for client 00:AE:FA:78:36:89
Priority Rx Pkts Tx Pkts Rx(last 5 s) Tx (last 5 s) QID Tx Drops Tx Cur Qlimit
0 899 460 1 1 144 0 0 1024
1 0 0 0 0 145 0 0 1024
2 0 0 0 0 146 0 0 1024
3 59 0 0 0 147 0 0 1024
4 0 0 0 0 148 0 0 1024
5 0 0 0 0 149 0 0 1024
6 0 0 0 0 150 0 0 1024
7 0 0 0 0 151 0 0 1024
Legacy Rate Statistics:
(Mbps : Rx, Tx, Tx-Retries)
11 Mbps : 2, 0, 0
6 Mbps : 0, 9, 0
HT/VHT Rate Statistics:
(Rate/SS/Width : Rx, Rx-Ampdu, Tx, Tx-Ampdu, Tx-Retries)
0/1/20 : 4, 4, 0, 0, 0
6/2/20 : 4, 4, 0, 0, 0
7/2/20 : 5, 5, 0, 0, 0
webauth done:
false
為了持續跟蹤客戶端資料速率和/或RSSI值,您可以運行「debug dot11 client rate address <mac>」,並且此操作將每秒記錄一次此資訊:
LabAP#debug dot11 client rate address 00:AE:FA:78:36:89 [*08/20/2018 14:17:28.0928] MAC Tx-Pkts Rx-Pkts Tx-Rate Rx-Rate RSSI SNR Tx-Retries [*08/20/2018 14:17:28.0928] 00:AE:FA:78:36:89 0 0 12 a8.2-2s -45 53 0 [*08/20/2018 14:17:29.0931] 00:AE:FA:78:36:89 7 18 12 a8.2-2s -45 53 0 [*08/20/2018 14:17:30.0934] 00:AE:FA:78:36:89 3 18 12 a8.2-2s -45 53 0 [*08/20/2018 14:17:31.0937] 00:AE:FA:78:36:89 2 20 12 a8.2-2s -45 53 0 [*08/20/2018 14:17:32.0939] 00:AE:FA:78:36:89 2 20 12 a8.2-2s -45 53 0 [*08/20/2018 14:17:33.0942] 00:AE:FA:78:36:89 2 21 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:34.0988] 00:AE:FA:78:36:89 1 4 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:35.0990] 00:AE:FA:78:36:89 9 23 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:36.0993] 00:AE:FA:78:36:89 3 7 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:37.0996] 00:AE:FA:78:36:89 2 6 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:38.0999] 00:AE:FA:78:36:89 2 14 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:39.1002] 00:AE:FA:78:36:89 2 10 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:40.1004] 00:AE:FA:78:36:89 1 6 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:41.1007] 00:AE:FA:78:36:89 9 20 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:42.1010] 00:AE:FA:78:36:89 0 0 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:43.1013] 00:AE:FA:78:36:89 2 8 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:44.1015] 00:AE:FA:78:36:89 0 0 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:45.1018] 00:AE:FA:78:36:89 0 0 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:46.1021] 00:AE:FA:78:36:89 0 0 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:47.1024] 00:AE:FA:78:36:89 0 0 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:48.1026] 00:AE:FA:78:36:89 7 15 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:49.1029] 00:AE:FA:78:36:89 0 6 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:50.1032] 00:AE:FA:78:36:89 0 0 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:51.1035] 00:AE:FA:78:36:89 1 7 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:52.1037] 00:AE:FA:78:36:89 0 17 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:53.1040] 00:AE:FA:78:36:89 1 19 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:54.1043] 00:AE:FA:78:36:89 2 17 12 a8.2-2s -46 52 0 [*08/20/2018 14:17:55.1046] 00:AE:FA:78:36:89 2 22 12 a8.2-2s -45 53 0 [*08/20/2018 14:17:56.1048] 00:AE:FA:78:36:89 1 18 12 a8.2-2s -45 53 0 [*08/20/2018 14:17:57.1053] 00:AE:FA:78:36:89 2 18 12 a8.2-2s -45 53 0 [*08/20/2018 14:17:58.1055] 00:AE:FA:78:36:89 12 37 12 a8.2-2s -45 53 0
在此輸出中,Tx和Rx資料包計數器是自上次列印以來的第二個間隔內傳輸的資料包,與Tx重試相同。但是,RSSI、SNR和資料速率是該間隔的最後一個資料包的值(而不是該間隔內所有資料包的平均值)。
Flexconnect案例
您可以驗證在預先驗證(例如CWA)或後續驗證案例中,使用者端目前套用的是哪些ACL:
AP#show client access-lists pre-auth all f48c.507a.b9ad Pre-Auth URL ACLs for Client: F4:8C:50:7A:B9:AD IPv4 ACL: IPv6 ACL: ACTION URL-LIST Resolved IPs for Client: F4:8C:50:7A:B9:AD HIT-COUNT URL ACTION IP-LIST REDIRECT rule 0: allow true and ip proto 17 and src port 53 rule 1: allow true and ip proto 17 and dst port 53 rule 2: allow true and src 10.48.39.161mask 255.255.255.255 rule 3: allow true and dst 10.48.39.161mask 255.255.255.255 rule 4: deny true No IPv6 ACL found AP#show client access-lists post-auth all f48c.507a.b9ad Post-Auth URL ACLs for Client: F4:8C:50:7A:B9:AD IPv4 ACL: IPv6 ACL: ACTION URL-LIST Resolved IPs for Client: F4:8C:50:7A:B9:AD HIT-COUNT URL ACTION IP-LIST post-auth rule 0: deny true and dst 192.0.0.0mask 255.0.0.0 rule 1: deny true and src 192.0.0.0mask 255.0.0.0 rule 2: allow true No IPv6 ACL found
透過啟用debug flexconnect access-list counter client <client MAC>,您可以檢視Flexconnect ACL上的命中計數器
隨後執行show client access-list pre-auth/post-auth all <MAC>,然後為每個ACL條目增加命中計數器。這適用於自Cisco IOS® XE 17.13起的所有型別的Flex ACL。在早期版本中,存在相同的命令,但只有VLAN ACL會更新其命中計數器。
您可以使用clear counters access-list client <mac>
AP檔案系統
COS AP不允許在unix平台上列出檔案系統的所有內容。
命令show filesystems提供有關當前分割槽上的空間使用和分佈的詳細資訊:
2802#show filesystems Filesystem Size Used Available Use% Mounted on /dev/ubivol/storage 57.5M 364.0K 54.1M 1% /storage 2802#
命令「show flash」列出AP快閃記憶體中的主檔案。您還可以附加syslog或core關鍵字以列出這些特定資料夾。
ap_2802#show flash Directory of /storage/ total 84 -rw-r--r-- 1 root root 0 May 21 2018 1111 -rw-r--r-- 1 root root 6 Apr 15 11:09 BOOT_COUNT -rw-r--r-- 1 root root 6 Apr 15 11:09 BOOT_COUNT.reserve -rw-r--r-- 1 root root 29 Apr 15 11:09 RELOADED_AT_UTC drwxr-xr-x 2 root root 160 Mar 27 13:53 ap-images drwxr-xr-x 4 5 root 2016 Apr 15 11:10 application -rw-r--r-- 1 root root 6383 Apr 26 09:32 base_capwap_cfg_info -rw-r--r-- 1 root root 20 Apr 26 10:31 bigacl -rw-r--r-- 1 root root 1230 Mar 27 13:53 bootloader.log -rw-r--r-- 1 root root 5 Apr 26 09:29 bootloader_verify.shadow -rw-r--r-- 1 root root 18 Jun 30 2017 config -rw-r--r-- 1 root root 8116 Apr 26 09:32 config.flex -rw-r--r-- 1 root root 21 Apr 26 09:32 config.flex.mgroup -rw-r--r-- 1 root root 0 Apr 15 11:09 config.local -rw-r--r-- 1 root root 0 Jul 26 2018 config.mesh.dhcp -rw-r--r-- 1 root root 180 Apr 15 11:10 config.mobexp -rw-r--r-- 1 root root 0 Jun 5 2018 config.oeap -rw-r--r-- 1 root root 2253 Apr 26 09:43 config.wireless drwxr-xr-x 2 root root 160 Jun 30 2017 cores drwxr-xr-x 2 root root 320 Jun 30 2017 dropbear drwxr-xr-x 2 root root 160 Jun 30 2017 images -rw-r--r-- 1 root root 222 Jan 2 2000 last_good_uplink_config drwxr-xr-x 2 root root 160 Jun 30 2017 lists -rw-r--r-- 1 root root 215 Apr 16 11:01 part1_info.ver -rw-r--r-- 1 root root 215 Apr 26 09:29 part2_info.ver -rw-r--r-- 1 root root 4096 Apr 26 09:36 random_seed -rw-r--r-- 1 root root 3 Jun 30 2017 rxtx_mode -rw-r--r-- 1 root root 64 Apr 15 11:11 sensord_CSPRNG0 -rw-r--r-- 1 root root 64 Apr 15 11:11 sensord_CSPRNG1 drwxr-xr-x 3 support root 224 Jun 30 2017 support drwxr-xr-x 2 root root 2176 Apr 15 11:10 syslogs --------------------------------------------------------------------------- Filesystem Size Used Available Use% Mounted on flash 57.5M 372.0K 54.1M 1% /storage
儲存並傳送系統日誌
系統日誌資料夾儲存上次重新啟動的系統日誌輸出。命令「show log」只顯示自上次重新啟動以來的syslog。
每次重新啟動時,系統日誌都會寫入增量檔案。
artaki# show flash syslogs Directory of /storage/syslogs/ total 128 -rw-r--r-- 1 root root 11963 Jul 6 15:23 1 -rw-r--r-- 1 root root 20406 Jan 1 2000 1.0 -rw-r--r-- 1 root root 313 Jul 6 15:23 1.last_write -rw-r--r-- 1 root root 20364 Jan 1 2000 1.start -rw-r--r-- 1 root root 33 Jul 6 15:23 1.watchdog_status -rw-r--r-- 1 root root 19788 Jul 6 16:46 2 -rw-r--r-- 1 root root 20481 Jul 6 15:23 2.0 -rw-r--r-- 1 root root 313 Jul 6 16:46 2.last_write -rw-r--r-- 1 root root 20422 Jul 6 15:23 2.start --------------------------------------------------------------------------- Filesystem Size Used Available Use% Mounted on flash 57.6M 88.0K 54.5M 0% /storage artaki# show flash cores Directory of /storage/cores/ total 0 --------------------------------------------------------------------------- Filesystem Size Used Available Use% Mounted on flash 57.6M 88.0K 54.5M 0% /storage
初始啟動後的第一個輸出是file 1.0,如果1.0太長,則會建立一個1.1檔案。重新開機後,會建立新的檔案2.0,以此類推。
如果希望AP將其系統日誌消息單播傳送到特定伺服器,則可以從WLC配置系統日誌目標。
預設情況下,AP將其syslog傳送到廣播地址,這可能會導致相當多的廣播風暴,因此請確保配置系統日誌伺服器。
預設情況下,AP透過syslog傳送其控制檯輸出上的任何輸出。
在9800控制器上,您可以在「Management(管理)」下的「Configuration(配置)」->「AP Join(AP加入)」配置檔案中更改這些引數。
您可以將Log Trap Value 更改為也透過syslog傳送調試。然後,您可以在AP CLI上啟用調試,這些調試的輸出將透過Syslog消息傳送到已配置的伺服器。
由於思科漏洞ID CSCvu75017 ,只有將syslog裝置設定為KERN(預設值)時,AP才會將syslog消息傳送出去。
如果您正在排除AP可能丟失網路連線(例如WGB)的問題,則系統日誌並不像當AP丟失其上行鏈路連線時未傳送任何消息那樣可靠。
因此,依靠快閃記憶體中儲存的系統日誌檔案是調試和儲存AP自身輸出並在以後定期上傳的極好方法。
AP支援套件
某些通常收集的各種型別的診斷資訊可在單個捆綁包中提供,您可以從存取點上傳。
可以包括在捆綁包中的診斷資訊包括:
- AP show tech
- AP系統日誌
- AP Capwapd大腦日誌
- AP啟動和消息日誌
- AP核心傾印檔案
要獲取AP支援套件,您可以進入AP CLI並輸入命令「copy support-bundle tftp: x.x.x.x」。
之後,您可以檢查名為的檔案以及附加了support.apversion.date.time.tgz的AP名稱,如下所示:
當您「解壓縮」檔案時,您可以檢視所收集的各種檔案:
遠端收集AP核心檔案
若要從遠端收集AP核心檔案,請啟用核心傾印以包含在支援套件中,然後從AP上傳支援套件,或直接傳送至tftp伺服器。後續示例使用tftp伺服器192.168.1.100。
AireOS CLI
AireOS GUI
Cisco IOS® CLI
eWLC-9800-01(config)#ap profile TiagoOffice
eWLC-9800-01(config-ap-profile)#core-dump tftp-server 192.168.1.100 file apCores uncompress
Cisco IOS® GUI
從Cisco IOS® XE 17.3.1,您擁有「支援捆綁包」頁籤,可以從WLC GUI下載AP SB。
它只會在AP上執行「copy support-bundle」命令,並透過SCP將其傳送到WLC(因為WLC可能是SCP伺服器)。
然後,您可以從瀏覽器下載:
這表示您可以在17.3.1之前的eWLC版本中手動執行相同的技巧:
如果您沒有可連線到AP的TFTP伺服器,請透過SCP將支援套件從AP複製到eWLC IP。
通常,從AP透過SSH可訪問eWLC,因此對於17.3之前的版本而言,這是一個不錯的技巧。
步驟 1.在9800 v17.2.1上啟用SSH
步驟 2.在Cisco IOS® XE v17.2.1上啟用SCP
此示例說明如何配置SCP的伺服器端功能。此示例使用本地定義的使用者名稱和密碼:
步驟 3. 請使用copy support-bundle命令,並且我們需要指定要在SCP伺服器中建立的檔名。
秘訣:您可以執行一次指令來取得有意義的檔案名稱,然後在指令中複製/貼上該檔案名稱:
步驟 4.然後,可以進入eWLC GUI,在Administration > Management > File Manager下獲取檔案:
IoT和藍芽
可以使用以下工具在AP上檢查gRPC伺服器日誌:
AP# show grpc server log
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] spaces conn url 10.22.243.33:8000"
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] entering stopDNAspacesTmpTokenRoutine"
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] exiting stopDNAspacesTmpTokenRoutine"
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] entering startDNAspacesTmpTokenRoutine"
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] launching token request cycle"
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] exiting startDNAspacesTmpTokenRoutine"
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] spaces token expiration time 2020-04-02 01:36:52 +0000 UTC"
time="2020-04-01T01:36:52Z" level=info msg=" Calling startDNASpacesConn routine "
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] Receive Success status"
time="2020-04-01T01:36:52Z" level=info msg="[DNAS] Connection not in ready state sleeping for 10 seconds"
time="2020-04-01T01:37:02Z" level=info msg="[DNAS] Setup Stream for the gRPC connection"
time="2020-04-01T01:37:02Z" level=info msg="[DNAS] Connect RPC Succeeded."
time="2020-04-01T01:37:02Z" level=info msg="[DNAS] RX routine got enabled "
time="2020-04-01T01:37:02Z" level=info msg="[DNAS] TX routine got enabled "
可以透過驗證與Cisco DNA Spaces聯結器的連線:
AP# show cloud connector key access
Token Valid : Yes
Token Stats :
Number of Attempts : 44
Number of Failures : 27
Last Failure on : 2020-03-28 02:02:15.649556818 +0000 UTC m=+5753.097022576
Last Failure reason : curl: SSL connect error
Last Success on : 2020-04-01 00:48:37.313511596 +0000 UTC m=+346934.760976625
Expiration time : 2020-04-02 00:48:37 +0000 UTC
Connection Retry Interval : 30
AP# show cloud connector connection detail
Connection State : READY
Connection Url : 10.22.243.33:8000
Certificate Available : true
Controller Ip : 10.22.243.31
Stream Setup Interval : 30
Keepalive Interval : 30
Last Keepalive Rcvd On : 2020-04-01 00:32:47.891433113 +0000 UTC m=+345985.338898246
Number of Dials : 2
Number of Tx Pkts : 2788175
Number of Rx Pkts : 11341
Number of Dropped Pkts : 0
Number of Rx Keepalive : 11341
Number of Tx Keepalive : 11341
Number of Rx Cfg Request : 0
Number of Tx AP Cfg Resp : 0
Number of Tx APP Cfg Resp : 0
Number of Tx APP state pkts : 5
Number of Tx APP data pkts : 2776829
要檢視AP的當前BLE廣播配置,請執行以下操作:
AP# show controllers ioTRadio ble 0 broadcast
BLE Profile Config
-------------------
Active profile : v-iBeacon
Profile 0 (iBeacon)
UUID : 00001000000000000000000000000000
Interval (ms) : 100
Power (dBm) : -21
Advertised Power (dBm) : -65
Minor : 0
Major : 0
TxPower byte : bfbfbfbfbfbfbfbfbfbfbfbfbf
Profile 1 (Eddystone UID)
Namespace (hex) : 0000000000005446089c
Instance-ID (hex) : 7f0000001f00
Profile 2 (Eddystone URL)
URL : http://www.
要檢視掃描結果,請執行以下操作:
AP# show controllers ioTRadio ble 0 scan brief
Profile MAC RSSI(-dBm) RSSI@1meter(-dBm) Last-heard
Unknown 3C:1D:AF:62:EC:EC 88 0 0000D:00H:00M:01S
iBeacon 18:04:ED:04:1C:5F 86 65 0000D:00H:00M:01S
Unknown 18:04:ED:04:1C:5F 78 65 0000D:00H:00M:01S
Unknown 04:45:E5:28:8E:E7 85 65 0000D:00H:00M:01S
Unknown 2D:97:FA:0F:92:9A 91 65 0000D:00H:00M:01S
iBeacon E0:7D:EA:16:35:35 68 65 0000D:00H:00M:01S
Unknown E0:7D:EA:16:35:35 68 65 0000D:00H:00M:01S
iBeacon 04:EE:03:53:74:22 45 256 0000D:00H:00M:01S
Unknown 04:EE:03:53:74:22 45 256 0000D:00H:00M:01S
04:EE:03:53:6A:3A 72 N/A 0000D:00H:00M:01S
Unknown 04:EE:03:53:6A:3A 72 65 0000D:00H:00M:01S
iBeacon E0:7D:EA:16:35:35 68 65 0000D:00H:00M:01S
Unknown E0:7D:EA:16:35:35 67 65 0000D:00H:00M:01S
iBeacon 04:EE:03:53:74:22 60 256 0000D:00H:00M:01S
Unknown 04:EE:03:53:74:22 60 256 0000D:00H:00M:01S
Eddystone URL 04:EE:03:53:6A:3A 72 N/A 0000D:00H:00M:01S
當AP在部署應用的高級BLE網關模式下運行時,您可以使用檢查IoX應用的狀態:
AP#show iox applications
Total Number of Apps : 1
--------------------------
App Name : cisco_dnas_ble_iox_app
App Ip : 192.168.11.2
App State : RUNNING
App Token : 02fb3e98-ac02-4356-95ba-c43e8a1f4217
App Protocol : ble
App Grpc Connection : Up
Rx Pkts From App : 3878345
Tx Pkts To App : 6460
Tx Pkts To Wlc : 0
Tx Data Pkts To DNASpaces : 3866864
Tx Cfg Resp To DNASpaces : 1
Rx KeepAlive from App : 11480
Dropped Pkts : 0
App keepAlive Received On : Mar 24 05:56:49
您可以使用這些命令連線到IOX應用程式,然後在樓層信標配置期間監控日誌(例如:
AP#connect iox application
/ #
/# tail -F /tmp/dnas_ble.log
Tue Mar 24 06:55:21 2020 [INFO]: Starting DNA Spaces BLE IOx Application
Tue Mar 24 06:55:21 2020 [INFO]: Auth token file contents: db26a8ab-e800-4fe9-a128-80683ea17b12
Tue Mar 24 06:55:21 2020 [INFO]: Setting gRPC endpoint to: 1.1.7.101:57777
Tue Mar 24 06:55:21 2020 [INFO]: Auth with token: db26a8ab-e800-4fe9-a128-80683ea17b12
Tue Mar 24 06:55:21 2020 [INFO]: Attempt to connect to DNAS Channel
Tue Mar 24 06:55:21 2020 [INFO]: Starting to run metrics
Tue Mar 24 06:55:21 2020 [INFO]: Starting to run Channel Keepalive
Tue Mar 24 06:55:21 2020 [INFO]: Initialize DNAS Reader Channel
Tue Mar 24 06:55:21 2020 [INFO]: Start listener for messages
Tue Mar 24 06:55:21 2020 [INFO]: Running BLE scan thread
結論
有許多故障排除工具可以幫助我們解決與COS AP相關的問題。
本文檔列出了最常用的,並會定期更新。
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
6.0 |
04-Sep-2024 |
已增加客戶端調試捆綁包 |
5.0 |
19-Aug-2024 |
重新認證 |
3.0 |
17-Nov-2021 |
已增加IoT部分 |
2.0 |
12-Nov-2021 |
已增加引導時間調試部分 |
1.0 |
21-Jun-2019 |
初始版本 |
意見