Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1055
Views
1
Helpful
8
Replies

Embedded packet capture not capturing packets from outside LAN

Go to solution
dragojlo
Level 1
Level 1

‎11-04-2023 06:09 PM

HI all,

I have Catalyst 4500 L3 Switch and I am trying to capture some packets with EPC from outside my LAN but I see only packets coming from inside my network. I have configured my access list for EPC like this:

permit ip any host xx.xx.xx.x

permit ip host xx.xx.xx.x any

I want to see the packets for only one ip address. So when I ping ip address from my switch I see the packets coming. But when I try to ping it from outside my network nothing is coming. The IP address is definitely reachable from outside. I think the EPC is configured properly because I wouldn't see any packets at all. Does someone maybe know what might be the problem?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to dragojlo

‎11-05-2023 05:04 AM

there are CEF and process switching, 
remove the CEF from capture and check again (make the direction BOTH).

Thanks A Lot
MHM

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Torbjørn
Spotlight
Spotlight

‎11-05-2023 01:52 AM

Is the 4500 performing NAT on the traffic?

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Go to solution
dragojlo
Level 1
Level 1
In response to Torbjørn

‎11-05-2023 04:41 AM

No, there is no NAT configured on the switch.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎11-05-2023 02:42 AM

do you apply the packet capture control-plane IN or OUT direction ??

Thanks A Lot
MHM

0 Helpful

Go to solution
dragojlo
Level 1
Level 1
In response to MHM Cisco World

‎11-05-2023 04:53 AM

I have set it to be both direction. Like this:

monitor capture point ip cef POINT vlan 45 both

I forgot to mention that it is a vlan interface but as I said the IP address is definitely reachable from outside so I don't know if it matters.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to dragojlo

‎11-05-2023 05:04 AM

there are CEF and process switching, 
remove the CEF from capture and check again (make the direction BOTH).

Thanks A Lot
MHM

0 Helpful

Go to solution
dragojlo
Level 1
Level 1
In response to MHM Cisco World

‎11-05-2023 12:24 PM

I removed CEF and now I can see some packets from outside but they are not mine. When I ping and ssh to my host I still don't see that packets coming. Could a host somehow be blocking to see the packets? Thanks for help MHM, I am new to this and I am still learning.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to dragojlo

‎11-05-2023 12:36 PM

Use from-us to check ping/ssh/telnet from SW or to SW. 

0 Helpful

Go to solution
dragojlo
Level 1
Level 1
In response to MHM Cisco World

‎11-06-2023 01:56 PM

Thank you for help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card