Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5025
Views
0
Helpful
6
Replies

Traffic Capture on Cisco ASR 1002 Routers

ju.mahieu
Level 1
Level 1

‎09-07-2009 06:50 AM - edited ‎03-04-2019 05:57 AM

Hi,

I have to set up a traffic capture on my Cisco ASR 1002 router. The router is under 12.2(33)XNB2, RELEASE SOFTWARE (fc2) version.

My configuration is like below:

BB-1(config)#monitor session 1 type local

BB-1(config-mon-local)#source interface gigabitEthernet 0/0/0

BB-1(config-mon-local)#destination interface gigabitEthernet 0/0/3

It doesn't work. No packet seems to be captured on my traffic Sniffer plugged in Gi0/0/3.

Thanks for you help,

Regards,

Ju

Labels:
0 Helpful
6 Replies 6

b.julin
Level 3
Level 3

‎09-07-2009 12:32 PM

I haven't tried it on the ASR yet. Maybe zone security gets in the way?

At any rate, depending on what you need it for, "debug ip packet #ACL" works for debugging. Not the same thing I know.

0 Helpful

ju.mahieu
Level 1
Level 1
In response to b.julin

‎09-07-2009 10:34 PM

Thank you for your solution, but it's not really what I'm looking for. I want to capture all L2 and L3 packets between Provider Switch and my ASR router.

I hope someone else can help me.

0 Helpful

N3t W0rK3r
Level 3
Level 3
In response to ju.mahieu

‎06-28-2010 11:32 AM

I tried to set this up also on my ASR 1002 Version 12.2(33)XNE and all I can seem to capture is the odd ethernet frame that Wireshark identifies as a DEC DNA Remote Console frame.

My monitor session config looks like this:

Session 1
---------
Type                   : Local Session
Status                 : Admin Enabled
Source Ports           :
    Both               : Gi0/0/0
Destination Ports      : Gi0/1/0

interface configs looks like this:

interface GigabitEthernet0/0/0
description SSH FEED
bandwidth 50000
ip address 10.1.2.3 255.255.255.248
ip access-group EXTERNAL-FIREWALL in
no ip redirects
ip nat outside
ip virtual-reassembly
ip route-cache same-interface
ip policy route-map IPSEC-ROUTEMAP
no negotiation auto
crypto map GENERIC
end

interface GigabitEthernet0/1/0
no ip address
negotiation auto
end

Any ideas as to why I'm not capturing any of the traffic I expect to see leaving Gi0/0/0 .

Thanks.

John

0 Helpful

b.julin
Level 3
Level 3
In response to N3t W0rK3r

‎06-28-2010 11:52 AM

I dunno, the devel team is too busy adding support for VTP over MPLS with VRF-aware QinQ DPI pruning?  :-)

I still haven't tried monitor sessions on mine, but I do note there is a "debug monitor" command, in case you hadn't noticed it.

0 Helpful

N3t W0rK3r
Level 3
Level 3
In response to b.julin

‎06-28-2010 12:51 PM

Thanks... didn't know about the "debug monitor" command so I tried it and guess what?? It revealed nothing. Nada. No surprise there.

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame

‎06-28-2010 11:08 PM

It works a little different on the ASR

on IOS:

debug platform hardware qfp active feature ipsec datapath trace
debug platform hardware qfp active feature ipsec datapath info


RP console -- telnet to fp console (telnet fp0-0)

fp console:

tail -f cpp_cp_F0-0.log

(Thanks Trent!!)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card