Cisco Support Community

VACL puzzle on Cat6500 IOS

Hi,

I have to capture traffic and I wish to apply the VACL Capture as described in the doc "VACL Capture for Granular Traffic Analysis with Cisco Catalyst 6000/6500 Running Cisco IOS Software"

(http://www.cisco.com/en/US/partner/tech/tk389/tk689/technologies_configuration_example09186a00808122ac.shtml):

1. Define the interesting traffic.

Cat6K-IOS(config)#ip access-list extended HTTP_UDP_TRAFFIC

...

2. Define the VLAN access map.

Cat6K-IOS(config)#vlan access-map HTTP_UDP_MAP 10

Cat6K-IOS(config-access-map)#match ip address HTTP_UDP_TRAFFIC

Cat6K-IOS(config-access-map)#action forward capture

3. Apply the VLAN access map to the appropriate VLANs.

Cat6K-IOS(config)#vlan filter HTTP_UDP_MAP vlan-list 10

4. Configure the Capture Port

...

I am wondering whether, if I apply that "vlan filter", the 6500 will discard all the traffic that does not match the ACL, as sketched in the IOS 12.2(SX) conf. guide (3rd example):

(http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a7e.html#wp1055968).

The question is: to capture only the matched part of IP traffic without discarding the unmatched traffic, must I end the access-map with a default "action forward"?

Best regards. Paolo Calcaterra

1 REPLY
Silver

Re: VACL puzzle on Cat6500 IOS

This limitation also exists with VACL Capture when running in IOS.

CatOS does not have these limitations.

If you want to know more, please see the URL below:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00805e34fe
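A pre-change check for the concern raised in this thread, added here as an example and not taken from either post or from Cisco: it scans a configuration for VLAN access maps that are applied with `vlan filter` but do not end in a sequence with no match clause and a forward action, which is the default "action forward" the question proposes. The sample configuration (including `SAFE_MAP`) and the function names are constructed, and treating a match-less final sequence as a catch-all is an assumption.

```python
import re

# Constructed sample in running-config style (not taken from the thread).
SAMPLE_CONFIG = """\
vlan access-map HTTP_UDP_MAP 10
 match ip address HTTP_UDP_TRAFFIC
 action forward capture
vlan access-map SAFE_MAP 10
 match ip address HTTP_UDP_TRAFFIC
 action forward capture
vlan access-map SAFE_MAP 20
 action forward
vlan filter HTTP_UDP_MAP vlan-list 10
vlan filter SAFE_MAP vlan-list 20,30
"""

def parse_access_maps(config):
    """Return ({map: {seq: {"match": bool, "action": str}}}, {map: vlan_list})."""
    maps, filters, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"vlan access-map (\S+) (\d+)$", line):
            current = maps.setdefault(m.group(1), {}).setdefault(
                int(m.group(2)), {"match": False, "action": None})
        elif m := re.match(r"vlan filter (\S+) vlan-list (\S+)$", line):
            filters[m.group(1)], current = m.group(2), None
        elif current is not None and line.startswith("match "):
            current["match"] = True
        elif current is not None and line.startswith("action "):
            current["action"] = line[len("action "):]
        elif not raw.startswith(" "):
            current = None  # some other top-level stanza begins here
    return maps, filters

def maps_without_catch_all(config):
    """Applied maps whose last sequence is not a match-less forward (assumed catch-all)."""
    maps, filters = parse_access_maps(config)
    findings = []
    for name, vlans in filters.items():
        seqs = maps.get(name, {})
        last = seqs[max(seqs)] if seqs else None
        ok = last and not last["match"] and (last["action"] or "").startswith("forward")
        if not ok:
            findings.append((name, vlans))
    return findings

if __name__ == "__main__":
    for name, vlans in maps_without_catch_all(SAMPLE_CONFIG):
        print(f"{name} on VLAN(s) {vlans}: no trailing catch-all forward sequence")
```
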
