We have RB951G-2HnD and are wondering if there is anyway of using the port mirror functionality to copy the WLAN traffic to one of the ethernet ports for analysis. We specifically want to see the client device MAC addresses.
Right now we have a separate wireless access point connected to one of the RB951G’s ethernet ports with the RB951G acting as a router. We can successfully port mirror WLAN traffic in this configuration but want to be able to use the WLAN functionality of the RB951G rather than a physically separate wireless access point.
Hardware mirroring is not possible, as the wireless interfaces are not connected to the CPU via the switch chip but directly. But you can use a rule with ****
action=sniff-tzsp
in
/ip firewall mangle
to mirror the frames to an IP address and port TZSP-encapsulated. The criteria would be
in-bridge-interface=wlan1
or
in-interface=wlan1
depending on whether your wireless interface is a member port of a bridge or not; if it is, the common settings for all bridges,