Trying to set up a VACL to output data on multiple VLANs to one capture port. I have 3 VLANs as part of my security ACL, and have a FreeBSD box off of that trunked capture port trunking all 3 of those VLANs. The access-list for the security ACL is 'permit ip any any'.
The problem is that I only see traffic one way for one VLAN to the other. I see multicast/broadcast traffic from all 3 VLANs with the correct 'tag' information. However, I cannot see bidirectional traffic.
So, two questions:
1. What am I missing?
2. Why do I not see anything in the 'show security acl log flow ip any any'? (Shows nothing listed, just '0')
Never mind... the problem seemed to be that I did not have all VLAN interfaces up on the FreeBSD box (so they weren't part of the trunk), and the other issue was related to the VACL only logging hits on the ACL for 'deny' rules. I don't understand why I can't log permits, but who knows. I am on 7.4.2 of the 6500 CatOS.
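A way to check from the sensor side that a trunked capture port is delivering every mapped VLAN and both directions of each conversation, as an added example that is not part of the original post. The function names, VLAN IDs 10/20/30 and addresses are assumptions, and the frames are constructed sample data.

```python
import socket
import struct
from collections import defaultdict

def parse_tagged_ipv4(frame):
    """Return (vlan_id, src_ip, dst_ip) for a unicast 802.1Q-tagged IPv4 frame, else None."""
    if len(frame) < 38 or frame[0] & 1:   # too short, or multicast/broadcast destination MAC
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or ethertype != 0x0800 or frame[18] >> 4 != 4:
        return None
    src, dst = socket.inet_ntoa(frame[30:34]), socket.inet_ntoa(frame[34:38])
    return tci & 0x0FFF, src, dst          # low 12 bits of the TCI are the VLAN ID

def capture_gaps(frames, expected_vlans):
    """Report expected VLANs with no unicast IPv4 frames, and conversations seen one way only."""
    vlans_by_pair = defaultdict(set)
    for frame in frames:
        parsed = parse_tagged_ipv4(frame)
        if parsed:
            vlan, src, dst = parsed
            vlans_by_pair[(src, dst)].add(vlan)
    seen_vlans = set().union(*vlans_by_pair.values())
    # A pair is one-way if the reverse direction never appears under any VLAN tag.
    one_way = sorted(p for p in vlans_by_pair if (p[1], p[0]) not in vlans_by_pair)
    return {"silent_vlans": sorted(set(expected_vlans) - seen_vlans), "one_way": one_way}

def make_frame(vlan, src, dst):
    """Build a minimal tagged IPv4 frame (constructed test data, header checksum left at 0)."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return macs + struct.pack("!HHH", 0x8100, vlan, 0x0800) + ip

# Constructed sample: one cross-VLAN conversation seen in one direction only,
# no frames tagged VLAN 10, and a complete two-way conversation on VLAN 30.
SAMPLE = [
    make_frame(20, "10.0.10.5", "10.0.20.9"),
    make_frame(30, "10.0.30.7", "10.0.30.8"),
    make_frame(30, "10.0.30.8", "10.0.30.7"),
]

if __name__ == "__main__":
    print(capture_gaps(SAMPLE, [10, 20, 30]))
```

On a live sensor the frames would come from a capture taken on the trunk's parent interface; a non-empty `silent_vlans` or `one_way` list is the cue to check the VLAN interfaces on the capture host and the VACL-to-VLAN mapping on the switch.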