VACL puzzle on Cat6500 IOS

Unanswered Question
May 14th, 2007

I have to capture traffic and I wish to apply the VACL Capture as described in the doc "VACL Capture for Granular Traffic Analysis with Cisco Catalyst 6000/6500 Running Cisco IOS Software".


1. Define the interesting traffic.

Cat6K-IOS(config)#ip access-list extended HTTP_UDP_TRAFFIC


2. Define the VLAN access map.

Cat6K-IOS(config)#vlan access-map HTTP_UDP_MAP 10

Cat6K-IOS(config-access-map)#match ip address HTTP_UDP_TRAFFIC

Cat6K-IOS(config-access-map)#action forward capture

3. Apply the VLAN access map to the appropriate VLANs.

Cat6K-IOS(config)#vlan filter HTTP_UDP_MAP vlan-list 10

4. Configure the capture port.


I am wondering whether, if I apply that "vlan filter", the 6500 will discard all the traffic that does not match the ACL, as sketched in the IOS 12.2(SX) conf. guide (3rd example):


The question is: to capture only the matched part of the IP traffic without discarding the unmatched traffic, must I end the access-map with a default "action forward"?

Best regards. Paolo Calcaterra
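
The four steps above, written out with a final forwarding sequence, as an added example that is not part of the original post or of the Cisco document it cites. The ACL entries, the ALL_TRAFFIC ACL name, sequence number 20 and the capture interface are constructed assumptions; a VLAN access map ends in an implicit deny for any packet type that has at least one match clause configured, which is why the second sequence is present.

```cisco
! Constructed example: ACL entries, ALL_TRAFFIC, sequence 20 and the
! capture interface are assumptions, not values from the post.
!
! 1. Interesting traffic to be copied to the capture port.
ip access-list extended HTTP_UDP_TRAFFIC
 permit tcp any any eq www
 permit udp any any
!
! Catch-all ACL used only by the final forwarding sequence.
ip access-list extended ALL_TRAFFIC
 permit ip any any
!
! 2. VLAN access map.
! Sequence 10: forward matching packets and mark them for capture.
vlan access-map HTTP_UDP_MAP 10
 match ip address HTTP_UDP_TRAFFIC
 action forward capture
!
! Sequence 20: forward all remaining IP traffic without capturing it.
! With only sequence 10 present, IP packets that match no sequence
! fall through to the map's implicit deny and are dropped.
vlan access-map HTTP_UDP_MAP 20
 match ip address ALL_TRAFFIC
 action forward
!
! 3. Apply the map to the VLAN.
vlan filter HTTP_UDP_MAP vlan-list 10
!
! 4. Capture port (hypothetical interface) where the analyzer is attached.
interface GigabitEthernet1/1
 switchport
 switchport capture allowed vlan 10
 switchport capture
!
! Checks from exec mode after applying:
!   show vlan access-map HTTP_UDP_MAP
!   show vlan filter
```

Entering sequence 20 before issuing `vlan filter` avoids an interval in which VLAN 10 forwards only the traffic selected for capture.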
