D-Link dws-1008 Switch User Manual


 
D-Link DWS-1008 CLI Manual
Usage: Traffic that matches a snoop filter is copied after it is decrypted. The decrypted (clear)
version is sent to the observer.
For best results:
• Do not specify an observer that is associated with the AP where the snoop filter is running.
This configuration causes an endless cycle of snoop traffic.
• If the snoop filter is running on a Distributed AP, and the AP used a DHCP server in its
local subnet to configure its IP information, and the AP did not receive a default router
(gateway) address as a result, the observer must also be in the same subnet. Without a
default router, the AP cannot find the observer.
• The AP that is running a snoop filter forwards snooped packets directly to the observer. This
is a one-way communication, from the AP to the observer. If the observer is not present,
the AP still sends the snoop packets, which use bandwidth. If the observer is present but is
not listening to TZSP traffic, the observer continuously sends ICMP error indications back
to the AP. These ICMP messages can affect network and AP performance.
Examples: The following command configures a snoop filter named snoop1 that matches on all
traffic, and copies the traffic to the device that has IP address 10.10.30.2:
DWS-1008# set snoop snoop1 observer 10.10.30.2 snap-length 100
The following command configures a snoop filter named snoop2 that matches on all data traffic
between the device with MAC address aa:bb:cc:dd:ee:ff and the device with MAC address
11:22:33:44:55:66, and copies the traffic to the device that has IP address 10.10.30.3:
DWS-1008# set snoop snoop2 frame-type eq data mac-pair aa:bb:cc:dd:ee:ff 11:22:33:44:55:66 observer 10.10.30.3 snap-length 100
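The observer side of the filters above, as an added example that is not part of the D-Link manual or the switch software: a minimal Python receiver that binds the TZSP port, so the observer accepts the snooped packets instead of answering with ICMP errors, and decodes each datagram. UDP port 37008, the header and tag layout, and the sample datagram are assumptions taken from the public TZSP format, not from this manual; the sample carries a 100-byte frame to mirror snap-length 100.

```python
import socket
import struct

TZSP_PORT = 37008  # assumption: the usual TZSP UDP port; the manual does not state it
ENCAP_NAMES = {1: "Ethernet", 18: "IEEE 802.11"}
TAG_PADDING, TAG_END = 0, 1  # the only two tags that carry no length byte

def parse_tzsp(datagram):
    """Split one TZSP datagram into header fields, tagged fields and the captured frame."""
    if len(datagram) < 4:
        raise ValueError("shorter than the 4-byte TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    tags, pos = [], 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tagged fields not terminated by an END tag")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        # Every other tag is tag, length, value; reject lengths that overrun the datagram.
        if pos >= len(datagram) or pos + 1 + datagram[pos] > len(datagram):
            raise ValueError("tagged field runs past the end of the datagram")
        length = datagram[pos]
        tags.append((tag, datagram[pos + 1:pos + 1 + length]))
        pos += 1 + length
    return {"version": version, "type": ptype, "tags": tags,
            "encap": ENCAP_NAMES.get(encap, str(encap)), "frame": datagram[pos:]}

def listen(bind_ip="0.0.0.0", port=TZSP_PORT):
    """Bind the UDP port and print one summary line per snooped packet."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        while True:
            data, (src, _src_port) = sock.recvfrom(65535)
            try:
                pkt = parse_tzsp(data)
            except ValueError as exc:
                print(f"{src}: malformed TZSP datagram ({exc})")
                continue
            print(f"{src}: {pkt['encap']} frame, {len(pkt['frame'])} bytes captured")

# Constructed sample: version 1, type 0, encapsulation 18, one 1-byte tag (number 10,
# arbitrary value), padding, END, then a 100-byte dummy frame as snap-length 100 yields.
SAMPLE = bytes([1, 0, 0, 18, 10, 1, 0xC4, 0, 1]) + bytes(range(100))

if __name__ == "__main__":
    listen()
```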
See Also:
• clear snoop
• set snoop map
• set snoop mode
• show snoop info
• show snoop stats