Traffic Capture on Cisco ASR 1002 Routers

Unanswered Question
Sep 7th, 2009

Hi,

I have to set up a traffic capture on my Cisco ASR 1002 router. The router is under 12.2(33)XNB2, RELEASE SOFTWARE (fc2) version.

My configuration is like below:

BB-1(config)#monitor session 1 type local

BB-1(config-mon-local)#source interface gigabitEthernet 0/0/0

BB-1(config-mon-local)#destination interface gigabitEthernet 0/0/3

It doesn't work. No packet seems to be captured on my traffic Sniffer plugged in Gi0/0/3.

Thanks for you help,

Regards,

Ju

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
b.julin Mon, 09/07/2009 - 12:32

I haven't tried it on the ASR yet. Maybe zone security gets in the way?

At any rate, depending on what you need it for, "debug ip packet #ACL" works for debugging. Not the same thing I know.

ju.mahieu Mon, 09/07/2009 - 22:34

Thank you for your solution, but it's not really what I'm looking for. I want to capture all L2 and L3 packets between Provider Switch and my ASR router.

I hope someone else can help me.

John Rumball Mon, 06/28/2010 - 11:32

I tried to set this up also on my ASR 1002 Version 12.2(33)XNE and all I can seem to capture is the odd ethernet frame that Wireshark identifies as a DEC DNA Remote Console frame.

My monitor session config looks like this:

Session 1
---------
Type                   : Local Session
Status                 : Admin Enabled
Source Ports           :
    Both               : Gi0/0/0
Destination Ports      : Gi0/1/0

interface configs looks like this:

interface GigabitEthernet0/0/0
description SSH FEED
bandwidth 50000
ip address 10.1.2.3 255.255.255.248
ip access-group EXTERNAL-FIREWALL in
no ip redirects
ip nat outside
ip virtual-reassembly
ip route-cache same-interface
ip policy route-map IPSEC-ROUTEMAP
no negotiation auto
crypto map GENERIC
end

interface GigabitEthernet0/1/0
no ip address
negotiation auto
end

Any ideas as to why I'm not capturing any of the traffic I expect to see leaving Gi0/0/0 .

Thanks.

John

b.julin Mon, 06/28/2010 - 11:52

I dunno, the devel team is too busy adding support for VTP over MPLS with VRF-aware QinQ DPI pruning?  :-)

I still haven't tried monitor sessions on mine, but I do note there is a "debug monitor" command, in case you hadn't noticed it.

John Rumball Mon, 06/28/2010 - 12:51

Thanks... didn't know about the "debug monitor" command so I tried it and guess what?? It revealed nothing. Nada. No surprise there.

Paolo Bevilacqua Mon, 06/28/2010 - 23:08

It works a little different on the ASR

on IOS:

debug platform hardware qfp active feature ipsec datapath trace
debug platform hardware qfp active feature ipsec datapath info


RP console -- telnet to fp console (telnet fp0-0)

fp console:

tail -f cpp_cp_F0-0.log

(Thanks Trent!!)

Actions

This Discussion