10-24-2016 03:28 AM - edited 03-08-2019 07:53 AM
Hi all,
I have a Nexus 5548 running NX-OS release 7.1.0.N1.1a, set up in a lab connected to 2 VMs, with the port spanned to VM#2.
I tried ping and generated UDP packets from VM#2 >>> VM#1,
but the packet capture seems to show everything (ICMP, UDP, etc...), as if the switch does not filter the packets.
I also tried this on another switch, an N5672 running the same version, and the result is just the same...
Does anyone know how I can filter the packets from the Nexus?
The configuration for the monitor session and the ACL is as below:
monitor session 1
source interface Ethernet1/5 both
destination interface Ethernet1/32
filter access-group acl-test
no shut
IPV4 ACL acl-test
1 permit icmp any any log
10 deny udp any any log
20 deny ip any any log
10-24-2016 04:26 AM
Your ACL filter is not working at all, it seems. Do you have PBR (policy based routing) enabled on the same device by any chance? There is a bug that says both won't work together...
10-24-2016 04:29 AM
No PBR is enabled on the Nexus.
Can you please tell me more about why the ACL isn't working?
10-24-2016 05:04 AM
Hello,
Try eliminating the 'log' keyword from your access list. I am not sure if logging and capturing go together. So your access list should look like this:
IPV4 ACL acl-test
1 permit icmp any any
10 deny udp any any
20 deny ip any any
Also, have a look at this document; maybe you will find something in there:
http://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/116044-nexus-7000-acl-capture-00.html
10-24-2016 05:25 AM
I already removed logging from the ACL, but it is still the same...
IPV4 ACL acl-test
10 permit icmp any any
20 permit udp any any eq 6999
30 deny udp any any
40 deny ip any any
PS: I already read the document you provided, but it is for the N7K, so there is no 'acl-capture' type to use here.
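As an added example (not part of the thread and not Cisco code), the following Python script models how the final acl-test ACL above should classify traffic, so the capture seen on VM#2 can be compared against what a working SPAN ACL filter would deliver. It applies the documented NX-OS ACL semantics: entries are evaluated in sequence-number order, the first match wins, and anything unmatched hits the implicit deny at the end of the list. The IP addresses, the sample packets and the helper names are constructed for illustration.

```python
"""Model of the acl-test SPAN filter ACL from the thread (added example).

NX-OS ACL semantics reproduced here: entries are tried in ascending
sequence-number order, the first matching entry decides, and a packet that
matches no entry is dropped by the implicit deny at the end of the ACL.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                   # "icmp", "udp" or "tcp"
    src: str                     # source IPv4 address
    dst: str                     # destination IPv4 address
    dport: Optional[int] = None  # L4 destination port, None for ICMP


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                  # "permit" or "deny"
    proto: str                   # "icmp", "udp", "tcp" or "ip" (any protocol)
    src: str = "any"             # "any" or a CIDR prefix
    dst: str = "any"             # "any" or a CIDR prefix
    dport: Optional[int] = None  # "eq <port>" on the entry, None = any port


# Mirrors the last ACL posted in the thread (entries 10..40, "any any").
ACL_TEST: List[Entry] = [
    Entry(10, "permit", "icmp"),
    Entry(20, "permit", "udp", dport=6999),
    Entry(30, "deny", "udp"),
    Entry(40, "deny", "ip"),
]


def _addr_matches(spec: str, addr: str) -> bool:
    """'any' matches everything; otherwise the address must fall in the prefix."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(entry: Entry, pkt: Packet) -> bool:
    """True if a single ACL entry matches the packet."""
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if not _addr_matches(entry.src, pkt.src) or not _addr_matches(entry.dst, pkt.dst):
        return False
    if entry.dport is not None and entry.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, sequence) of the first matching entry.

    A packet matching nothing returns ("deny", None): the implicit deny.
    """
    for entry in sorted(acl, key=lambda e: e.seq):
        if matches(entry, pkt):
            return entry.action, entry.seq
    return "deny", None


def expected_in_capture(acl: List[Entry], traffic: List[Packet]) -> List[Packet]:
    """Packets a working SPAN filter would forward to the destination port."""
    return [p for p in traffic if evaluate(acl, p)[0] == "permit"]


def unexpected_in_capture(acl: List[Entry], captured: List[Packet]) -> List[Packet]:
    """Packets that showed up at the SPAN destination but the ACL should have dropped.

    An empty list means the filter behaves as configured; a non-empty list is
    the symptom described in the thread (everything is mirrored).
    """
    return [p for p in captured if evaluate(acl, p)[0] != "permit"]


# Constructed traffic VM#2 -> VM#1; addresses are assumptions, not from the post.
SAMPLE_TRAFFIC: List[Packet] = [
    Packet("icmp", "10.0.0.2", "10.0.0.1"),
    Packet("udp", "10.0.0.2", "10.0.0.1", dport=6999),
    Packet("udp", "10.0.0.2", "10.0.0.1", dport=53),
    Packet("tcp", "10.0.0.2", "10.0.0.1", dport=22),
]

if __name__ == "__main__":
    for pkt in SAMPLE_TRAFFIC:
        action, seq = evaluate(ACL_TEST, pkt)
        print(f"{pkt.proto:4} dport={pkt.dport!s:5} -> {action} (entry {seq})")
    # If the capture on VM#2 contains all of SAMPLE_TRAFFIC, the filter is not applied:
    leaked = unexpected_in_capture(ACL_TEST, SAMPLE_TRAFFIC)
    print(f"{len(leaked)} packet(s) should have been filtered")
```

Feed `unexpected_in_capture` the 5-tuples actually observed on VM#2: with the ACL above, only ICMP and UDP/6999 should ever appear, so any other protocol or UDP port in the list shows the filter is not being applied by the switch rather than a mistake in the ACL logic.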