Problems trying to use VACL to prescreen NAM capture traffic

jerry.marsh, Level 1

I have a 6500 [IOS 12.1(19)E1] with a NAM module [3.1(1a) w/ Patch 4]. I am trying to use an IP extended VACL to prefilter a capture stream being received from an external RSPAN source (since the filtering capability in the NAM is very limited).

The commands for this in the switch/router are:

analysis module 6 data-port 1 capture allowed-vlan 600
vlan access-map map-fwsm 100
 match ip address acl-fwsm
 action forward capture
!
vlan filter map-fwsm vlan-list 600

When the access list "acl-fwsm" is very simple, this seems to work fine. When a more complex ACL is used, this seems to break down and forward more than the desired traffic.

I have a document on VACLs in general (CATOS oriented), but maybe I am missing something. I thought I could pretty much filter on IP addresses and/or TCP/UDP ports in the VACL like any other IOS ACL.

Are there limitations I need to be aware of or is this a bug?

This filter seems to work fine:

ip access-list extended acl-fwsm
 deny ip any host 224.0.0.2
 deny ip any host 224.0.0.10
 deny udp any any eq ntp
 deny tcp any 192.168.250.198 0.0.0.1 eq www
 deny tcp any 192.168.250.198 0.0.0.1 eq 443
 permit ip any any

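To check what the ACL in the question should let through to the NAM, here is a small model of IOS first-match ACL evaluation (wildcard masks, `host`, `eq` ports, implicit deny) sitting behind a single `match ip address` / `action forward capture` access-map sequence. This is an added example written for this page, not IOS code or anything from the original post; the ACL text is copied from the question, the sample flows are constructed, and the VACL semantics (ACL permit = sequence matches and the packet is forwarded and captured; ACL deny = sequence does not match, so the packet is not captured) are stated as the modelling assumption in the code.

```python
"""Model of the post's 'acl-fwsm' ACL behind a 'match ip address ... / action forward capture'
VACL sequence, to see which flows reach the NAM capture port.  Added example, not IOS code."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional

# ACL copied verbatim from the question above.
ACL_FWSM = """
ip access-list extended acl-fwsm
deny ip any host 224.0.0.2
deny ip any host 224.0.0.10
deny udp any any eq ntp
deny tcp any 192.168.250.198 0.0.0.1 eq www
deny tcp any 192.168.250.198 0.0.0.1 eq 443
permit ip any any
"""

# Subset of the IOS port keywords used in the post (www = 80, ntp = 123).
NAMED_PORTS = {"www": 80, "ntp": 123}


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or another IP protocol name
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every IP protocol
    src: str                     # "any", "host A.B.C.D" or "A.B.C.D WILDCARD"
    dst: str
    dport: Optional[int] = None  # "eq <port>" on the destination, None = any port


def _take_addr(tokens: List[str], i: int):
    """Consume one IOS address spec starting at tokens[i]; return (spec, next index)."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return f"host {tokens[i + 1]}", i + 2
    return f"{tokens[i]} {tokens[i + 1]}", i + 2      # address + wildcard mask


def parse_acl(text: str) -> List[Ace]:
    """Parse the ACE lines of an 'ip access-list extended' block (the header line is skipped)."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "ip":            # 'ip access-list extended <name>'
            continue
        action, proto = tokens[0], tokens[1]
        src, i = _take_addr(tokens, 2)
        dst, i = _take_addr(tokens, i)
        dport = None
        if i < len(tokens) and tokens[i] == "eq":
            port = tokens[i + 1]
            dport = NAMED_PORTS[port] if port in NAMED_PORTS else int(port)
        entries.append(Ace(action, proto, src, dst, dport))
    return entries


def _addr_matches(spec: str, addr: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the mask means 'don't care'; 'host' is mask 0.0.0.0."""
    if spec == "any":
        return True
    parts = spec.split()
    base, wild = (parts[1], "0.0.0.0") if parts[0] == "host" else (parts[0], parts[1])
    care = ~int(IPv4Address(wild)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care


def first_match(acl: List[Ace], pkt: Packet) -> Optional[Ace]:
    """First-match evaluation; None models the implicit 'deny ip any any' at the end."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not (_addr_matches(ace.src, pkt.src) and _addr_matches(ace.dst, pkt.dst)):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace
    return None


def vacl_disposition(acl: List[Ace], pkt: Packet) -> str:
    """One access-map sequence: 'match ip address <acl>' with 'action forward capture'.
    Modelling assumption: an ACL permit means the sequence matches, so the packet is forwarded
    and copied to the capture port; an ACL deny means the sequence does not match, so the
    packet is not captured (with no later sequence it falls to the map's default)."""
    ace = first_match(acl, pkt)
    return "capture" if ace is not None and ace.action == "permit" else "not captured"


# Constructed sample flows (not from the post) that exercise each kind of ACE.
SAMPLE_FLOWS = [
    Packet("tcp", "10.1.1.1", "192.168.250.199", 80),   # .199 is inside the 0.0.0.1 wildcard
    Packet("tcp", "10.1.1.1", "192.168.250.200", 80),   # .200 is not
    Packet("udp", "10.1.1.1", "10.2.2.2", 123),         # NTP to anywhere
    Packet("eigrp", "10.1.1.1", "224.0.0.10"),          # 'deny ip' covers any protocol
    Packet("tcp", "10.1.1.1", "192.168.250.198", 22),   # host matches, port does not
]

if __name__ == "__main__":
    acl = parse_acl(ACL_FWSM)
    for pkt in SAMPLE_FLOWS:
        print(f"{pkt.proto:5} {pkt.dst}:{pkt.dport} -> {vacl_disposition(acl, pkt):12} via {first_match(acl, pkt)}")
```

Running it shows the expected pre-screen: HTTP/HTTPS to 192.168.250.198 and .199, NTP, and the two multicast destinations stay out of the capture, while everything else (including SSH to .198) is captured. If the NAM receives flows this model marks "not captured", the difference is in the platform's handling of the map, which is the symptom the question describes.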

skarundi, Level 4

I think you are encountering a bug. Check out bug ID CSCeb61695. Fixed in 12.1(22)E.
