The most important tool for troubleshooting the ACE is its built-in capture feature, which lets you capture live packets of the intended traffic in real time. The attributes of the packets to capture are defined by an ACL. The ACE buffers the captured packets, and you can copy the buffered contents to a file in Flash memory on the ACE or to a remote server. To avoid taxing ACE resources, it is recommended to use an ACL specific to the intended traffic for the capture. The result of the capture can be displayed via the CLI or exported and analyzed with a packet capture utility such as Ethereal or Wireshark.
Packet Capture Details
The ACE captures packets subject to the following guidelines:
One capture session is used per context
Capture is triggered at flow setup
Capture is configured on the client interface where the flow is received
Note: Probe traffic will not hit a security ACL, so ACLs cannot control the capture of those packets. Therefore, probe traffic cannot be captured by the packet capture utility.
If possible, you should capture packets using the ACE packet capturing utility before and after symptoms appear. Save the packet captures to a file.
ACE-CAT/ADMIN(config)# access-list TEST ?
  ethertype   Configure access control for ethernet-traffic for the system
  extended    Configure access-control for IP traffic through the system
  line        Line-number at which this ACL entry should be entered
  remark      Specify remark/comment for the access-list
  resequence  Re-sequence access list
ACE-CAT/ADMIN(config)# access-list TEST extended permit tcp any 172.16.55.244 0.0.0.0
Start and Stop ACL
ACE-CAT/ADMIN# capture TEST ?
  all        Capture packets for all interfaces
  interface  Interface to listen
  remove     Remove the packet capture configuration
  start      Start packet capture
  stop       Stop packet capture
ACE-CAT/ADMIN# capture TEST all access-list TEST bufsize 500
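The remaining steps of the procedure described above (start, stop, display, save to Flash), shown as an added example that is not part of the original page. The file name TEST_before.cap is a constructed placeholder, and lines beginning with ! are annotations, not commands to type.

```text
! Added example; the buffer and ACL named TEST are the ones configured above.
! Start capturing, then reproduce the problem from the client side.
ACE-CAT/ADMIN# capture TEST start
! Stop the capture once the symptom has been observed.
ACE-CAT/ADMIN# capture TEST stop
! Display the buffered packets on the CLI.
ACE-CAT/ADMIN# show capture TEST
! Save the buffer to Flash (disk0:); the file name is a placeholder.
ACE-CAT/ADMIN# copy capture TEST disk0: TEST_before.cap
```

Because only one capture session is used per context, save the buffer to a file before reusing the session for the next capture.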