Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1906
Views
0
Helpful
5
Replies

IP traffic export on subinterface

Go to solution
Sergey Prishchepa
Spotlight
Spotlight

‎09-10-2015 11:13 PM - edited ‎03-05-2019 02:16 AM

Hi!

I need capture the traffic on subinterface router 2921 ios c2900-universalk9-mz.SPA.151-4.M1.bin. Configuration:

 

ip traffic-export profile IPexport mode capture
 bidirectional

!

interface GigabitEthernet0/1
 ip address 1.1.1.1 255.255.255.252
 ip flow ingress
 ip virtual-reassembly in max-reassemblies 64
 ip traffic-export apply IPexport
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip traffic-export apply IPexport
 bridge-group 10
!

interface BVI10
 ip address dhcp
 ip flow ingress

!
bridge 10 protocol ieee
bridge 10 route ip

 

I see traffic only of the interface GigabitEthernet0/1. I try mode export, but result the same.

What is wrong?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎09-11-2015 02:40 PM

Hi your using a layer 3 command applied to a sub-interface with no IP applied acting as layer 2 i would say that's why its not working as it can only capture traffic on an ip interface

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎09-11-2015 02:40 PM

Hi your using a layer 3 command applied to a sub-interface with no IP applied acting as layer 2 i would say that's why its not working as it can only capture traffic on an ip interface

0 Helpful

Go to solution
Sergey Prishchepa
Spotlight
Spotlight
In response to Mark Malone

‎09-13-2015 10:52 PM

That is IP traffic export only for layer 3? And for layer 2 only monitor session?

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to Sergey Prishchepa

‎09-14-2015 12:56 AM

RITE works based on ip packets being sent in our out of an interface but your output/input on a layer 2 interface would be frames not ip packets so RITE has nothing to actually capture on it so that's why I think its only working for you on the main interface as you have specified an ip for it to work with

Span is different that captures all traffic that goes in our out of interface regardless of whether its ip/frame or application level everything is captured and viewed through pcap on wireshark but unfortunately span is not supported on most routers, with routers most use 3rd party applications to record there traffic like CA,NetQos,Prime etc  , erspan would works as well on switch but only on some higher end switches like 6500s

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to Mark Malone

‎09-14-2015 12:59 AM

Check if you have EPC on the router on some newer models that's available and if so you could use that and export it to you pc to view

monitor capture

0 Helpful

Go to solution
Sergey Prishchepa
Spotlight
Spotlight
In response to Mark Malone

‎09-14-2015 02:23 AM

With monitor capture ruselt the same, i see traffic only of the interface GigabitEthernet0/1.

monitor capture buffer 1 size 10000

monitor capture point associate 1 1

 

 

monitor capture point ip cef 1 bvi 10 both

or

monitor capture point ip cef 1 gigabitEthernet 0/1.10 both

 

0 Helpful
Customers Also Viewed These Support Documents