Capture Capability with VACLs on Low end Switches.

pavlosd · ‎05-27-2010

There is a feature on Cisco High End Switches (Catalyst 6500/7600) that allows you to "mirror" traffic from a source to a destination using ACLs to further filter out only required traffic i.e. when port bandwidth is restrictive or for security reasons.

http://www.cisco.com/application/pdf/paws/89962/vacl_capture.pdf

I was wondering if this feature could also be achived on Cisco 4500 or 3750 series switches perhaps following a different method.

Regards.

Ganesh Hariharan · ‎05-27-2010

There is a feature on Cisco High End Switches (Catalyst 6500/7600) that allows you to "mirror" traffic from a source to a destination using ACLs to further filter out only required traffic i.e. when port bandwidth is restrictive or for security reasons.

http://www.cisco.com/application/pdf/paws/89962/vacl_capture.pdf

I was wondering if this feature could also be achived on Cisco 4500 or 3750 series switches perhaps following a different method.

Regards.

Hi ,

VACL capture works with most of the newer Cisco switches including the 6500, 4500, 4900, 3750E, 3750, 3560E, and the 3560. To find out if your switch supports this feature take a look at the below link for more information.

http://www.cisco.com/en/US/prod/switches/ps5718/ps708/networking_solutions_products_genericcontent0900aecd805f0955.pdf

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Calin C. · ‎05-27-2010

Sorry, but I've tried on C3750 to configure VACL and it's not possible. Then I thought that my IOS is old and I tried with Cisco Software Advisory to find a IOS to support VACL. I couldn't find one. When you type VACL, or Vlan ACL or any other combination there is no result.

With C6500, when I have typed VACL in the advisory feature field, the term was recognized immediately.

Are you sure about C3750 supporting VACLs?

Calin C. · ‎05-27-2010

Hi!

I think you can achieve similar results using the "filter" parameter on SPAN or RSPAN:

sw1-c3750(config)#monitor session 1 filter ?

ip Specify IP Access control rules

mac Specify MAC Access control rules

vlan SPAN filter VLAN

E.g. I have tried on the c3750 a SPAN configureation with source one vlan, and in this vlan only http traffic to destination X. It worked fine, but I didn't had the time to go into more detailed tests.

Let me know if this helps you.

pavlosd · ‎05-27-2010

I tried to find in feature navigatr this feature (VACL Capture) but is only listed for Cisco Catalyst 6500/7600.

On the other hand, in the Cisco Catalyst Switch Guide, it says that VACL Capture is also present into the Low End Switches.

Moreover I came accross to this article by networdwold: http://www.networkworld.com/community/node/33617

which also mentions that is supported on the Low End.

I tried the commands my self and they do not seem to exist. Again perhaps s a software or feature (EI) issue.

I would test further and let you know.

pavlosd · ‎05-27-2010

Can you confirm the version and model number of the c3750 that the

"monitor destination <1-6> filter ip " command exists, because I cannot find it on our switches (not even in cisco documentation for the latest release). I could only find it in the Cisco 4500 Series http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25ew/configuration/guide/span.html

Regards.

Calin C. · ‎05-27-2010

I cannot find that command either, but the filter parameter is related to monitor session and to source or destination:

sw1-c3750(config)#monitor session 1 filter ip access-group ?
<1-199> IP access list (standard or extended)
<1300-2699> IP expanded access list (standard or extended)
WORD Access-list name

on C3750 with c3750-ipservicesk9-mz.122-46.SE.bin

I saw now that on C3750E you have the possibility to support VACL, but not capture with VACL.

pavlosd · ‎05-29-2010

Ok. Thanks.

I could find the commands on some c3570 Gigabit Switches, but not on some older 10/100Mb. That's weird.