We have a Nexus N7K with NX-OS 4.2. Ethanalyzer/Built-in Wireshark works great for IP-Packets which go to the Nexus' CPU, but - as stated by Cisco - most traffic doesn't pass through the CPU and therefore cannot be sniffed & analyzed by the built-in Packet Capture as such...
The procedure in this White Paper does not seem to work for us - NX-OS (4.2?) rejects the interface-config "ip access-list". If I just replace ip access-list with "ip access-group my-app input", I kill all traffic on the Interface.
1. How can we pass regular Data Plane Traffic to the CPU, if the above procedure does not work because of the "ip access-list"-command?
2. Ethanalyzer works only in the Default VDC. If we want to capture Packets in another VDC, does this work too? (-> ACL-Definition and ACL-On-Interface-Statement in VDC XY and ethanalyzer-Statement in Default-VDC)?
3. We would like to capture traffic on a Port-Channel. Can we use the ACL on the int poXY, or should we configure it on all corresponding Physical Interfaces?
Re: Problem setting up Wireshark/Ethanalyzer on Nexus
Config in the VDC your port belongs to:
ip access-list capturefilter
  statistics per-entry
  ! Capturing all Traffic from host 220.127.116.11 on TCP 1234
  10 permit tcp any 18.104.22.168/32 eq 1234 log
  20 permit tcp 22.214.171.124/32 any eq 1234 log
  30 permit ip any any
interface ethernet x/y
  ip access-group capturefilter in
Enable-Mode in Default-VDC:
! I try to filter both with ACL and capture-filter. Don't know whether this is necessary
ethanalyzer local interface inband capture-filter "host 126.96.36.199 && port 1234" limit-capture-frame 1000 write bootflash:snifferfile.pcap
copy bootflash:/snifferfile.pcap ftp://user@ftpserver/snifferfile.pcap vrf management
Don't forget to remove the access-group (and ACL) after the capture