Catalyst 9300 VxLAN packet capture

KevinR99 · ‎11-24-2024

Hi,

I require to chase a problem through my network using the packet capture feature on Cat9300’s. They are used in an SD Access topology so as soon as the packets leave the Edge switch they are encapsulated in VxLAN. How do I capture specific packets that are encapsulated in VxLAN? For example, I wish to chase some dhcp traffic but if I configure an ACL matching DHCP nothing is captured as the packets are VxLAN. I don’t want to capture all packets and filter out the dhcp ones via wireshark because there is just way too much other traffic filling up my buffer. I just want the dhcp packets inside vxlan packets.

Any ideas?

Thanks, Kev.

Flavio Miranda · ‎11-24-2024

@KevinR99

Try something like

debug platform software fed switch active punt packet-capture set-filter vxlan

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-switch/221841-troubleshoot-control-plane-operations-on.html

balaji.bandi · ‎11-24-2024

Check DHCP packet walk :

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/tech_notes/sda_dhcp/b_cisco_sda_dhcp.html

Overall packet flow :

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/tech_notes/sda_fabric_troubleshooting/b_cisco_sda_fabric_troubleshooting_guide.html

You can also span the port and use an externally filter what you are looking to filter

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

KevinR99 · ‎11-25-2024

Thank you but I know the dhcp process and packet flow. My requirement is to capture packets as they leave the switch. Perhaps I was too restrictive in my description. I used DHCP as an example. The issue really is how do I capture the traffic that is VxLAN but I want to look at the inner IP packet and match on any TCP/UDP/ICMP header information. In addition I am not in a position to do a span of the port which is why I require to use the embedded packet capture feature. That negates the need to actually get a device on another port and span to it.

I appreciate the responses but the question is can we match the inner IP packet information using embedded packet capture. I want to see the packet the switch puts on the wire.

MHM Cisco World · ‎11-24-2024

I send you PM check it

MHM

KevinR99 · ‎11-25-2024

“if I configure an ACL matching DHCP nothing is captured as the packets are VxLAN”

I need a way to filter based on the inner packet in VxLAN.

MHM Cisco World · ‎11-25-2024

spine/leaf#sh mon cap TAC buff br | i DHCP

capture using ACL of leaf and spine IP
then show brief i dhcp only

MHM

MHM Cisco World · ‎11-28-2024

any update friend ??

MHM