We have a Nexus N7K with NX-OS 4.2. Ethanalyzer/built-in Wireshark works great for IP packets which go to the Nexus' CPU, but - as stated by Cisco - most traffic doesn't pass through the CPU and therefore cannot be sniffed and analyzed by the built-in packet capture as such...
The corresponding White Paper (http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/white_paper_c11-554444.html) says that - in order to capture normal data-plane traffic - we need to log each packet with an ACL, like:
IP access list my app
10 permit tcp 22.214.171.124/32 1.1.2/32 eq 5600 log
20 permit tcp 126.96.36.199/32 188.8.131.52/32 eq 5600 log
ethanalyzer local interface inband capture-filter "port 5600" limit-capture-frame 0 write bootflash:my-app-capture
interface ethernet 1/1
ip access-list my-app input
The procedure in this White Paper does not seem to work for us - NX-OS (4.2?) rejects the interface-config command "ip access-list". If I just replace "ip access-list" with "ip access-group my-app input", I kill all traffic on the interface.
1. How can we pass regular data-plane traffic to the CPU if the above procedure does not work because of the "ip access-list" command?
2. Ethanalyzer works only in the default VDC. If we want to capture packets in another VDC, does this work too (ACL definition and ACL-on-interface statement in VDC XY and the ethanalyzer statement in the default VDC)?
3. We would like to capture traffic on a port-channel. Can we use the ACL on int poXY, or should we configure it on all corresponding physical interfaces?
Thanks in advance and greetings from Switzerland
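As an added example (not part of the original post or of the Cisco white paper), this is the form of the ACL-based punt I would try on an N7K, with two points the post does not spell out. First, NX-OS access lists end with an implicit deny, so an ACL that holds only the two logged permit entries drops every other packet the moment it is applied to the interface; a trailing `permit ip any any` keeps normal traffic flowing while only the matching flow is logged. Second, an ACL is attached to an interface with `ip access-group <name> in|out`; `ip access-list` is the global command that defines the ACL, which is why the parser refuses it under `interface`. The host addresses, the ACL name and the capture file name are placeholders chosen for illustration; `statistics per-entry` is added so that `show ip access-lists` shows hit counters and you can confirm that the interesting flow really matches entries 10 and 20 rather than the catch-all.

```text
! Added example: ACL that punts only the interesting flow to the supervisor.
! 10.0.1.10 / 10.0.2.20 and the names are placeholders (assumptions).
ip access-list my-app
  statistics per-entry
  10 permit tcp host 10.0.1.10 host 10.0.2.20 eq 5600 log
  20 permit tcp host 10.0.2.20 eq 5600 host 10.0.1.10 log
  30 permit ip any any
!
! NX-OS attaches an ACL with "ip access-group", direction "in" or "out".
interface ethernet 1/1
  ip access-group my-app in
!
! Verify that entries 10 and 20 are the ones accumulating matches.
show ip access-lists my-app
!
! Run from the default VDC; the capture filter narrows the inband
! interface to the punted flow, 0 = no frame limit.
ethanalyzer local interface inband capture-filter "tcp port 5600" limit-captured-frames 0 write bootflash:my-app-capture.pcap
```

One caveat to check before trusting the capture as complete: ACL-log traffic to the supervisor is subject to the platform's hardware rate limiter for logged packets (`show hardware rate-limiter` on the N7K), so a busy flow may reach the inband interface only partially, and that is worth confirming against the per-entry counters above.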