Solved

Wireless Monitoring

Posted on 2015-02-16
11
147 Views
Last Modified: 2015-03-19
I am looking for a wireless monitoring tool so that I can see who is hogging up all the interfaces.  We have devices (both personal iPhone and laptops) and would like to be able to quickly identify who uses all the bandwidth at a point in time.

Also, would like the ability to kill that session if possible.

thanks - latenaite
0
Comment
Question by:LateNaite
  • 6
  • 3
11 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40612574
What wireless system do you have?
0
 

Author Comment

by:LateNaite
ID: 40612642
Cisco Wireless controllers and APs.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40612733
There is a QoS feature on Cisco WLCs. You can use that to cap bandwidth or prioritize traffic.
The default settings gives priority to Voice, Data and Video in that order. You have options to manually manipulate traffic

There are free tools in the market you can use to monitor or capture traffic - The Dude, Wireshark, PTRG, OP Manager etc
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 357 total points
ID: 40613150
You should use AVC on the WLC to see what types of applications are being used the most and Prime Infrastructure to monitor clients.  That will give you everything you need.

Free tools won't help as the client traffic is encapsulated in CAPWAP.
0
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 143 total points
ID: 40613165
Monitoring tools can be used to identify which device (IP address) is hogging up traffic.

If your goal is to identify the user and penalize or report them to be reprimanded, then you may pursue capturing traffic.

If your goal is to prevent bandwidth hogging, I think capping traffic with QoS would be ideal
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 357 total points
ID: 40613177
Maybe to monitor traffic coming out of the WLC, but that's only half the story.  If it's traffic across the WLAN but not exiting via the WLC's wired ports you will have to use Prime Infrastructure.

Also, if Flexconnect is used you'd have to know which AP to monitor.  Again, free tools probably won't help until you know where the client is connected, or vice-versa.
0
 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 143 total points
ID: 40613198
so that I can see who is hogging up all the interfaces
Please be conscious that the traffic doesn't stop at the WLC, it goes all the way through distribution switch, firewall etc.

I have done this in the past so I know it works. Other thing you could do is just check the loads on the interfaces of the distribution switch. When the load rises beyond 20%, traffic generally is impaired as the processing power of the switch is sabotaged. This will slow down the ability of the switch to forward traffic and the result is network-wide for every traffic that traverses the affected distribution switch.

Once the interface with more than normal load has been identified. Configure mirroring and connect a computer with wireshark installed to the mirroring port. You will definitely be able to isolate the device by its ip address.
interface.jpgMonitoring tools will identify this quicker. Just scan the network and check the meters, You'll see the device with unusually high meters
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 357 total points
ID: 40613227
Traffic CAN and MAY go past the WLC to the distribution switch to the core switch to the firewall to the MPLS router to the cloud... Etc.  It doesn't have to though.  Just be aware of that.

"Monitoring tools will identify this quicker"...

Correct, but not FREE tools.  Cisco Prime Infrastructure is made for exactly this.  Log in to it and it immediately shows you dashlets with important info such as number of connected clients and top users.
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 357 total points
ID: 40614857
If your goal is to identify the user and penalize or report them to be reprimanded, then you may pursue capturing traffic.
Fair enough, but how do you match up the IP address to the user within that one tool?  Answer: You can't.  You can with Prime Infrastructure.

If your goal is to prevent bandwidth hogging, I think capping traffic with QoS would be ideal
It depends how it's implemented.  If it's at the WLC it may not be ideal depending on version of code.  It may be better to do this at the wired network instead, or both, but it isn't always a viable option.

Please be conscious that the traffic doesn't stop at the WLC, it goes all the way through distribution switch, firewall etc.
As I said... not always.  Traffic can still roam within the WLC between clients.  This traffic will NEVER hit the distribution switch.

Other thing you could do is just check the loads on the interfaces of the distribution switch.
How will that help to locate a user abusing bandwidth??  Sure, you can see that there's a lot of traffic passing through the interface, but you already knew that.

When the load rises beyond 20%, traffic generally is impaired as the processing power of the switch is sabotaged.
switches can process traffic absolutely fine at 20%.  On a gigabit interface that's barely touching the sides.  200Mbps... sabotaging the processing power on a 48Gbps switch??  Please explain where you've got this information from.

Once the interface with more than normal load has been identified. Configure mirroring and connect a computer with wireshark installed to the mirroring port. You will definitely be able to isolate the device by its ip address.
The traffic will be coming out of the WLC if it's coming across the wired network from a wireless client.  Why go to all of this effort to simply locate one of the ports that you already know will be passing the traffic??

Monitoring tools will identify this quicker.
I'll say it again... this is correct, BUT only if the tool is the right one.  Cisco's Prime Infrastructure is the ONLY tool that will help where a WLAN is concerned if you want to be 100% sure.  Nothing else will do.  You can tie up all of the information you need in one page in Prime Infrastructure.  You just can't do that with any other monitoring tool.
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 357 total points
ID: 40617002
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Join & Write a Comment

In this article I will describe how to setup a Cisco WLC 5508 to work with Apple's Bonjour protocol across VLANs.  I will also discuss using screen mirroring and Airplay on an AppleTV v3.  This article covers the wireless network only and requires m…
Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now