This article shows how to troubleshoot your access point or switch if you have any issues/problems with traffic. It shows how to port mirror on a Nebula switch, packet trace/capture on an access point (AP) and firewall/gateway in Nebula CC.

 

Table of Content

1) Port Mirroring

2) Packet Capture

2.1 For Firewall - Using Web GUI

2.2 For Firewall - Using CLI/SSH

2.3 For Access Points - Using CLI/SSH

 

1) Port Mirroring

 

Port mirroring allows you to trace packets coming into a switch port - it basically copies the traffic and sends it to both the initial destination as well as the "Mirror Port" - here. you can use a packet-tracing software such as WireShark in order to track down traffic in your network. This is a powerful tool when it comes to analyzing and debugging network issues. Please follow the below steps to set up Port Mirroring:

 

1. Log in to your Nebula Account via https://nebula.zyxel.com 
2. Navigate to

Switch> Configure> Switch Settings

3. Find

Port mirroring 

and click on

Add

4. Select the Switch and which port(s) you want to have monitored. Also, choose a destination port. Source Port indicates the port where the traffic is coming from initially, while the Destination port indicates the port you will be tracking on.

5. Save the settings. 

6. Open Wireshark

7. Select the network adapter your using (WiFi or Ethernet) and filter your packets

Filter your traffic you want to capture, for example: 

multicast and broadcast

host 192.168.1.33

port 443

Later on you can filter after you've captured the packets as well by using e.g.:

ip.addr==192.168.1.1

ip.proto 50

icmp 

 

 

8. Capture

9. Save the file and analyze / Send for analysis

 

2) Packet Capture

2.1 For Firewall - Using Web GUI

Navigate to Maintenance -> Packet Capture and choose the interface you want to capture (e.g. LAN traffic/WAN traffic). You can also filter the traffic, based on Host IP address or Host Port. Then click capture to start the packet capture.

 

2.2 For Firewall - Using CLI/SSH

In Nebula, the USG FLEX / ATP Series are using an SD-WAN structure, which is mostly VLAN-based. E.g. if you want to capture packets on the lan1 interface, you need to find out which VLAN that the firewall is using for lan1 by entering the command:

show sdwan interface

In our example below, Nebula is using VLAN3718 for the lan1 interface.

 

To do a packet trace on lan1 and capture HTTPS traffic, enter the following command:

packet-trace interface vlan3718 port 443

 

 

To do a packet trace on lan1 and capture traffic from a specific host PC, enter the following command:

packet-trace interface vlan3718 src-host 172.16.3.102

 

2.3 For Access Points - Using CLI/SSH

The Access Points in Nebula cannot do a packet trace locally. If you want to do a packet capture of an Access Point, you need to access the device locally from a PC and use Section 3 to login to device via SSH.

 

 

For the access points in Nebula, the bands are divided into two groups wlan-1-1 (2,4 GHz) and wlan-2-1 (5 GHz).

If you want to capture HTTPS traffic on clients that are connected to 5GHz, please use the following command:

packet-trace interface wlan-2-1 port 443

 

If you want to capture traffic from a specific client that are connected to 2,4GHz, please use the following command:

packet-trace interface wlan-2-1 src-host 172.16.3.102