Nexus 7000 Ethanalyzer Configuration

paul1202 · ‎12-15-2016

Hi,

Please could someone let me know what the configuration would be to setup an Ethanalyzer session on a Nexus 7000.

We have a management VLAN running HSRP between 2 Nexus 7000 switches.

We simply want to capture and see all devices that traverse the management VLAN 100 (172.30.0.0/23) on the N7Ks.

The captured data should be sent to a file as I expected the capture needs to run for an extended time to ensure all devices are captured.

Thanks in advance.

Mark Malone · ‎12-15-2016

Hi heres a good guide on how to use that feature

http://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/116136-trouble-ethanalyzer-nexus7000-00.html

Darsan Menon · ‎01-07-2017

Primarily, Ethanalyzer capture only the packets hitting the CPU on the switch. Any other packets traverse the VLAN 100 between any other 2 devices will NOT be seen in the Ethanalyzer capture.

So, I assume you are trying to capture the traffic that's destined to the switch on which the capture is being done and not the traffic passing through the switch in VLAN 100.

paul1202 · ‎01-09-2017

Hi Darsan - thanks for your response.

The customers aim is to capture all the devices on the management VLAN100 that flow through it to the various network management stations etc. located on other subnets. The HSRP address for VLAN100 resides on the N7K pair.

The plan is once it is confirmed what devices are on VLAN 100 to apply a restricted ACL on each N7K only for these devices.

Darsan Menon · ‎01-09-2017

From what you have explained, you are trying to capture the traffic passing through that VLAN which is routed by the N7K. These packets are hardware forwarded and they do not go through the CPU of the switch. Hence you CANNOT capture any of these packets using Ethanalyzer.