Cisco Support Community

New Member

Capture pass through traffic using VACL

Hi all,

Here I attach the diagram that demonstrates my setup, in which the Cat6500 Supervisor Engine, the Internet router and the provider edge router are in VLAN 2. All devices form OSPF neighbor relationships with each other, and both routers are directly connected to the Cat6500.

I want to capture the traffic coming from the internet that passes through the Cat6500 and goes towards which is connected to the PE router, and only forward the rest of the traffic. For this I have set up an Anomaly Detector which will monitor the traffic. I suggested the following configuration to capture traffic:

Sup (config)# ip access-list extended ACL-1
Sup (config-ext-nacl)# permit ip any any
Sup (config-ext-nacl)# exit
Sup (config)# anomaly-detector module 7 data-port 1 capture
Sup (config)# anomaly-detector module 7 data-port 1 capture allowed-vlan 2
Sup (config)# vlan access-map Detector_capture 10
Sup (config-access-map)# match ip address ACL-1
Sup (config-access-map)# action forward capture
Sup (config-access-map)# vlan access-map Detector_capture 20
Sup (config-access-map)# action forward
Sup (config-access-map)# exit
Sup (config)# vlan filter Detector_capture vlan-list 2

Will this configuration work correctly according to my query?

Please provide me feedback.
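To check what the access map in the post above actually does to a given packet, the following is a small model of VACL and ACL evaluation (an added example, not code from the post or from Cisco). It assumes ACL-1 is meant to read "permit ip any any", and all addresses and the extra ACL name are constructed.

```python
import ipaddress

# Constructed model of the VACL posted above. Assumption: ACL-1 is meant to
# read "permit ip any any"; the posted "permit ip any" lacks a destination.
ACLS = {"ACL-1": ["permit ip any any"]}

# vlan access-map Detector_capture as (sequence, match ACL or None, action).
# A sequence without a match clause matches every packet.
ACCESS_MAP = [(10, "ACL-1", "forward capture"), (20, None, "forward")]


def _parse_addr(tokens):
    """Consume one address spec ('any', 'host A.B.C.D', 'A.B.C.D WILDCARD')."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    wildcard = int(ipaddress.ip_address(tokens[1]))   # invert wildcard -> netmask
    netmask = str(ipaddress.ip_address(~wildcard & 0xFFFFFFFF))
    return ipaddress.ip_network((tokens[0], netmask), strict=False), tokens[2:]


def ace_matches(ace, src, dst):
    """True when a 'permit|deny ip SRC DST' entry covers the src/dst pair."""
    tokens = ace.split()[2:]                 # drop the action and 'ip'
    src_net, tokens = _parse_addr(tokens)
    dst_net, _ = _parse_addr(tokens)
    return ipaddress.ip_address(src) in src_net and ipaddress.ip_address(dst) in dst_net


def acl_permits(name, src, dst):
    """IOS ACL semantics: first matching entry wins, implicit deny at the end."""
    for ace in ACLS[name]:
        if ace_matches(ace, src, dst):
            return ace.split()[0] == "permit"
    return False


def vacl_action(access_map, src, dst):
    """VACL semantics: sequences are tried in order; the first one whose match
    clause permits the packet decides the action; no match at all means drop."""
    for _seq, acl, action in access_map:
        if acl is None or acl_permits(acl, src, dst):
            return action
    return "drop"


if __name__ == "__main__":
    print(vacl_action(ACCESS_MAP, "203.0.113.5", "192.0.2.10"))  # forward capture
    ACLS["ZONE"] = ["permit ip any 192.0.2.0 0.0.0.255"]          # constructed, narrower ACL
    print(vacl_action([(10, "ZONE", "forward capture")], "203.0.113.5", "198.51.100.7"))  # drop
```

With ACL-1 as "permit ip any any", sequence 20 is never reached; it only matters once the match ACL is narrowed to the zone, and without it the non-matching traffic would hit the VACL's implicit deny.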


Re: Capture pass through traffic using VACL

You must configure the switch to capture the traffic sent to the zone and pass a copy of it to the Detector module. The Detector module analyses the network traffic passing through it and monitors it for evolving attack patterns.

To verify the Detector module configuration on the supervisor engine, type the following command at the supervisor engine prompt:

show anomaly-detector module slot_number {management-port | data-port port_number} [state | traffic]