02-28-2011 06:42 PM
Version - 5.0(2)N2(1)
My understanding is that we need
1) Access-List defined, with statistics configured to get matched traffic onto control plane
2) Access-List applied to an interface, via command "ip port access-group mycap in"
3) ethanalyzer command, ex; "ethanalyzer local interface mgmt capture-filter "net 1.1.1.0/24" (also tried interfaces inbound-hi & inbound-low)
I see matches on the access-list, but not seeing anything captured.
What am I missing?
ip access-list mycap
statistics per-entry
10 permit ip any 1.1.1.0/24
20 permit ip 1.1.1.0/24 any
30 permit ip any any
03-01-2011 08:12 PM
can you please try display-filter instead of capture-filter in the ethanalyzer command ?
03-03-2011 06:57 AM
display-filter appears to give any traffic crossing the control plane. I'm trying to find a way to capture the traffic (data plane) coming in a host connected port.
It appears that may not be available - is that correct?
03-03-2011 09:51 AM
correct, ethanalyzer is only for traffic going to the CPU. Cut trough switched traffic between hosts is not captured with ethanalyzer, you need to use a span session for this.
03-24-2011 01:19 PM
From a Nexus training it is possible to capture the traffic with the ethanalyzer, but you need to send the traffic to the control plane. I'll need to look up the configurations that the instructor gave us to do this.. I'll see if I can find it.
03-31-2011 07:31 AM
just fyi.. on a similar sidenote we are going to enchance the capability of capture filter to collect the necessary statistics via the following enhancement
CSCsz99277 - ethanalyzer capture filter broken
05-18-2011 03:07 PM
TJ,
Is it possible you are referring to the log keyword on the Nexus 7000? The hardware capabilities in this case do not correspond to the N5k platform unfortunately.
Regards,
John
04-24-2012 12:53 PM
Can you tell us how to do that? I can't find any documentation on how to send a SPAN (monitor) session to the Ethanalyzer. Is the destination port 4 (inbound-lo) on the Sup?
07-03-2012 03:59 AM
from what i undersatand to capture data plane traffic in ethanalyzer on the 7k you need to add the log keywoard to the acl entry, as this causes the traffic to be punted to the CPU. this is not recommmended and may by of limted use with the 7k hardware based control plane policies. (ie the traffic may get dropped before reaching the cpu if COPP policies arent removed. do so at your own risk...)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide