Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX WAN packer capture

tantony
Head in the Cloud
‎Mar 15 2019 4:01 PM
‎Mar 15 2019 4:01 PM

MX WAN packer capture

I need to do packet capture on WAN 1 port on the MX68 using Wireshark. How would I do that without unplugging the internet cable from WAN port?

0 Kudos
Subscribe
5 Replies 5
MerakiDave
Meraki Employee
Meraki Employee
‎Mar 15 2019 4:22 PM
‎Mar 15 2019 4:22 PM

On the Network Wide > Packet Capture page, in the output window, select download pcap instead of "view output below".  No need to unplug any cables or span/mirror any ports.  And depending on how busy the port is, and how much you need to capture, you can put any tcpdump style filter expression in the filter box, click on the "examples" to the right, but if the capture isn't going to grab several thousand packets, might be easier to capture everything and just use display filters in Wireshark.

Subscribe
In response to MerakiDave
tantony
Head in the Cloud
‎Mar 15 2019 5:34 PM
‎Mar 15 2019 5:34 PM

Ok. I’m trying to figure out why the MX is disconnecting from internet. I called Meraki support and they want me to do a packet capture. 

0 Kudos
Subscribe
In response to tantony
MerakiDave
Meraki Employee
Meraki Employee
‎Mar 15 2019 7:08 PM
‎Mar 15 2019 7:08 PM

Ok.  Is it disconnecting randomly, or can you correlate the disconnect with any other external factors like an upstream switch or router or perhaps an ISP modem?  And what is the status LED showing during disconnect, is it just solid amber (no connection) or maybe rainbowing (attempting to connect to Dashboard)? 

 

Also perhaps try to leverage the local status page on the MX.  In case you haven't done that before you can connect a laptop with a wired Ethernet connection (temporarily disable wireless to be sure) and connect to a LAN port on the MX68 and open a browser and go to my.meraki.com to get to the local status page, which might give clues on what the issue might be.  More info on that here:  https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Using_the_Cisco_M...

 

Support can certainly correlate what you see on the local status page, along with LED status indicators, with what they are seeing if/when the device is checking in to Dashboard.  And yes, as Support suggested a pcap on the Internet/WAN port could also give some clues for sure.

 

0 Kudos
Subscribe
In response to MerakiDave
tantony
Head in the Cloud
‎Mar 15 2019 7:52 PM
‎Mar 15 2019 7:52 PM

It looks random. The led rainbows. It’s not the modem because I have a laptop connected to the modem and it doesn’t disconnect from internet, but the Meraki does. So now, 10:47 it’s showind WAN failed but the cellular modem backup is still in ready state instead of active. 

 

If I unplug WAN cable and plug it back in the MX get Internet back within seconds. 

 

I didnt look at the local status page. 

0 Kudos
Subscribe
In response to tantony
MerakiDave
Meraki Employee
Meraki Employee
‎Mar 16 2019 6:53 AM
‎Mar 16 2019 6:53 AM

During the rainbow the MX believes it has Internet connectivity and is trying to establish communication with the cloud/dashboard.  There are a number of tests (DNS lookups, continuous pings, HTTP GETs and ARPing the DFGW) the MX performs, with specific timers, all of which make up the "Connection Monitor".  More on that here.  https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Connection_Monitoring_for_WAN_Failo...

 

The failover to cellular backup staying ready instead of going active could be something different and unrelated.  I think Support will first want to further examine why it doesn't have consistent connectivity to Dashboard, and once that is solid and consistent then fully test cellular failover. 

 

Keep working with Support, and I'd suggest trying out the local status page, and perhaps keep a continuous ping to 8.8.8.8 or 8.8.4.4 from the laptop on the cable modem running, confirm there are no drops the next time the MX loses its Internet connection, and have the local status page up for additional clues. 

 

Sometimes this odd sporadic behavior comes down to a layer 1 issue, so perhaps also try a different and known good patch cable, and connect it from WAN2 on the MX to a different physical port on the cable modem, just to rule out a bad cable or physical port.  I'm assuming it's just a patch cable, but if there are wall jacks and a patch panel in between try alternate jacks, or whatever constitutes a different L1 path between MX and cable modem.

 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.