Capture Capability with VACLs on Low end Switches.

Unanswered Question
May 27th, 2010

There is a feature on Cisco High End Switches (Catalyst 6500/7600) that allows you to "mirror" traffic from a source to a destination using ACLs to further filter out only required traffic i.e. when port bandwidth is restrictive or for security reasons.

http://www.cisco.com/application/pdf/paws/89962/vacl_capture.pdf

I was wondering if this feature could also be achieved on Cisco 4500 or 3750 series switches, perhaps following a different method.

Regards.

Ganesh Hariharan Thu, 05/27/2010 - 01:49


Hi ,

VACL capture works with most of the newer Cisco switches including the 6500, 4500, 4900, 3750E, 3750, 3560E, and the 3560. To find out if your switch supports this feature take a look at the below link for more information.

http://www.cisco.com/en/US/prod/switches/ps5718/ps708/networking_solutions_products_genericcontent0900aecd805f0955.pdf

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Calin Chiorean Thu, 05/27/2010 - 02:00

Sorry, but I've tried on C3750 to configure VACL and it's not possible. Then I thought that my IOS is old and I tried with Cisco Software Advisory to find an IOS that supports VACL. I couldn't find one. When you type VACL, or VLAN ACL, or any other combination there is no result.

With C6500, when I have typed VACL in the advisory feature field, the term was recognized immediately.

Are you sure about C3750 supporting VACLs?

Calin Chiorean Thu, 05/27/2010 - 01:50

Hi!

I think you can achieve similar results using the "filter" parameter on SPAN or RSPAN:

sw1-c3750(config)#monitor session 1 filter ?
  ip    Specify IP Access control rules
  mac   Specify MAC Access control rules
  vlan  SPAN filter VLAN

E.g. I have tried on the c3750 a SPAN configuration with source one VLAN, and in this VLAN only HTTP traffic to destination X. It worked fine, but I didn't have the time to go into more detailed tests.

Let me know if this helps you.

pavlosd Thu, 05/27/2010 - 02:36

I tried to find this feature (VACL Capture) in Feature Navigator, but it is only listed for Cisco Catalyst 6500/7600.

On the other hand, in the Cisco Catalyst Switch Guide, it says that VACL Capture is also present in the low-end switches.

Moreover, I came across this article by Network World: http://www.networkworld.com/community/node/33617

which also mentions that it is supported on the low end.

I tried the commands myself and they do not seem to exist. Again, perhaps it's a software or feature (EI) issue.

I would test further and let you know.

Calin Chiorean Thu, 05/27/2010 - 04:39

I cannot find that command either, but the filter parameter is related to monitor session and to source or destination:

sw1-c3750(config)#monitor session 1 filter ip access-group ?
  <1-199>      IP access list (standard or extended)
  <1300-2699>  IP expanded access list (standard or extended)
  WORD         Access-list name

on C3750 with c3750-ipservicesk9-mz.122-46.SE.bin

I saw now that on C3750E you have the possibility to support VACL, but not capture with VACL.
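As an added example that is not part of this thread (it is neither the original poster's nor Cisco's text), here are the two configurations side by side: VACL capture as described in the Catalyst 6500 document linked in the question, and the SPAN-with-ACL-filter workaround using the "monitor session ... filter ip access-group" option shown in the two replies above. VLAN 10, the web server address 10.0.0.1, and the interface names are assumed values; substitute your own.

```ios
! ---------------------------------------------------------------
! Common piece: an extended ACL that selects only the traffic we
! want to see (HTTP to an assumed server 10.0.0.1 in VLAN 10).
! ---------------------------------------------------------------
ip access-list extended HTTP-TO-X
 permit tcp any host 10.0.0.1 eq www

! ---------------------------------------------------------------
! Catalyst 6500/7600: VACL capture (per the vacl_capture.pdf doc).
! Sequence 10 forwards AND copies matching packets to capture
! ports; sequence 20 forwards everything else untouched, so the
! VACL does not silently drop the rest of the VLAN's traffic.
! ---------------------------------------------------------------
vlan access-map CAPTURE-HTTP 10
 match ip address HTTP-TO-X
 action forward capture
vlan access-map CAPTURE-HTTP 20
 action forward
!
vlan filter CAPTURE-HTTP vlan-list 10
!
! The port the sniffer hangs off; it only receives capture
! copies for the VLANs listed (assumed interface name).
interface GigabitEthernet1/1
 switchport
 switchport capture
 switchport capture allowed vlan 10

! ---------------------------------------------------------------
! Catalyst 3750 (no VACL capture): VLAN SPAN with an IP ACL
! filter, i.e. the "monitor session 1 filter ip access-group"
! option shown above. Only packets permitted by HTTP-TO-X are
! mirrored; the rest of VLAN 10 is forwarded normally but not
! copied. Interface names are assumed.
! ---------------------------------------------------------------
monitor session 1 source vlan 10
monitor session 1 filter ip access-group HTTP-TO-X
monitor session 1 destination interface GigabitEthernet1/0/24
```

Two checks before relying on either: "show monitor session 1" (3750) or "show vlan access-map" and "show vlan filter" (6500) confirm the filter actually attached, and remember that a SPAN destination port stops passing normal traffic, so dedicate it to the capture host. On the 3750 the thread's own finding applies: the filter option existed on the IP Services image tested (12.2(46)SE) but not on every older 10/100 model, so verify the "filter ip access-group" keyword is present on your image before planning around it.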

pavlosd Sat, 05/29/2010 - 08:15

Ok. Thanks.

I could find the commands on some c3750 Gigabit switches, but not on some older 10/100Mb ones. That's weird.
