The Proactive Packet Capture is a tool that I’ve used for a long time now in Catalyst Center (formerly DNA-C), so it’s exciting that it’s now been introduced to the Meraki side of the world as well.
With over 100 event triggers that can occur during the client onboarding process or normal operations, there is a fair chance that whatever issue a client is experiencing in the network will be captured automatically.
The Proactive PCAP does require MR31 or higher, and the APs need to be Wifi 6/6E or 7 to support the feature.
The retention time for proactive captures is 7 days, so when enabling the feature, you do need to decide if you want to enable it for some or all devices. You can select which APs you enable, which if you have a large/busy network would probably be the better way to go. Since I’m running this at home with only a couple of APs, I’m happy to turn it on for all devices. Enable The other thing to note is that once this feature is GA, you will need an MR-ADV (Advanced) license to use the Proactive PCAP feature. This will be enforced in the future.
Enable As this is for my home, I had to leave it to run for a few days, and I came back to find plenty of captures. Most weren’t ones to worry about, as they were ones like EAPoL timeouts that happened as we were leaving the house, but there are certainly real-world examples of where this would be important. Enable Looking down the right-hand side of the page, we can see which step of the onboarding process the trigger occurred at (Authentication, Association, DHCP, etc.), and we have the option to analyze the capture directly on the dashboard or download the PCAP to review in Wireshark on our local machine.
These options are available regardless of if the capture was proactive or manually run. In the next post, we’ll have a look at the analysis view that we get on the dashboard.
Again though, this is another instance where the smarts of the product can help save time and effort by capturing events before you even know that they’ve happened, and can save many hours trying to recreate problems or disrupting users even further to try and reproduce.