The most important tool in troubleshooting ACE is the built in capture feature. This feature will enable user to capture live packets of the intended traffic in real time. The attributes of the packet are defined by an ACL. The ACE buffers the captured packets, and you can copy the buffered contents to a file in Flash memory on the ACE or to a remote server. To avoid taxing ACE resources, it is recommended to use an ACL specific to the intended traffic for the capture. This result of the capture can be displayed via CLI or can be exported to be analyzed using a packet capture utility such as Ethereal or Wireshark.
Packet Capture Details
The ACE captures packets subject to the following guidelines:
One capture session is used per context
Capture is triggered at flow setup
Capture is configured on the client interface where the flow is received
Note: Probe traffic will not hit a security ACL, so ACLs cannot control the capture of those packets. Therefore, probe traffic cannot be captured by the packet capture utility.
If possible, you should capture packets using the ACE packet capturing utility before and after symptoms appear. Save the packet captures to a file.
ACE-CAT/ADMIN(config)# access-list TEST ?
ethertype Configure access control for ethernet-traffic for the system
extended Configure access-control for IP traffic through the system
line Line-number at which this ACL entry should be entered
remark Specify remark/comment for the access-list
resequence Re-sequence access list
ACE-CAT/ADMIN(config)# access-list TEST extended permit tcp any 172.16.55.244 0.0.0.0
Start and Stop ACL
ACE-CAT/ADMIN# capture TEST ?
all Capture packets for all interfaces
interface Interface to listen
remove Remove the packet capture configuration
start Start packet capture
stop Stop packet capture
ACE-CAT/ADMIN# capture TEST all access-list TEST bufsize 500
The reason I want to do so is for APIC hardware upgrade. I have 3-node APIC-M1 cluster and I need to upgrade/migrate to 3-node APIC-M3 cluster. During the migration process, will the cluster be healthy with a mix of the M1 and M3 cluster? The firmwar...
Hi Community, An aci leaf appeared as inactive in fabric membership and unrechable from apic side. Actually, i can ping other leaves, spines and all apics but in leaf side i typed "moquery -c faultInfo" i got this message : Can someone hel...
Hello guys, Iam trying disable Cisco Device Manager to listening on tcp 80 but it still comes on ip in web browser..I tried apply Access list on mgmt interface and also disable feature http-server on DS-HP-8GFC-K9 (NX-OS) but still is there How...
Hi ACI professionals,I want to disable the Intersight Device Connector using the REST API.Unfortunately I have no idea what the correct object is. The API inspector does not show any changes when changing the Intersight preferences over the GUI. Furthermo...
Hi.Server admin is going to deploy RDMA cluster with Win SRV 2016-2019 using iWARP, not RoCE/RoCEv2.He provided a deployment guide with config examples for Cluster Member Hosts and Cisco Nexus switches which these hosts are connected to.This guide says to...