
filter monitor session did not work on Nexus5K

aqrxz
Level 1

Hi all,

I have a Nexus5548 running NX-OS release 7.1.0.N1.1a.

It is set up in a lab, connected to 2 VMs, with the port spanned to VM#2.

I tried ping and generating UDP packets from VM#2 >>> VM#1,

but it seems the packet capture is showing everything (ICMP, UDP, etc...), like the switch does not filter the packets.

I also tried this on the other switch, an N5672 running the same version, and the result is just the same...

Does anyone know how I can filter the packets from the Nexus?

The configuration for the monitor session and the ACL is below:

monitor session 1
  source interface Ethernet1/5 both
  destination interface Ethernet1/32
  filter access-group acl-test
  no shut

IPV4 ACL acl-test
        1 permit icmp any any log
        10 deny udp any any log
        20 deny ip any any log


Your ACL filter is not working at all, it seems. Do you have PBR (policy-based routing) enabled on the same device by any chance? There is a bug that says both won't work together...

No PBR is enabled on the Nexus.

Can you please tell me more about why the ACL won't work?

Hello,

Try and eliminate the 'log' keyword from your access list. I am not sure if logging and capturing go together. So your access list should look like this:

IPV4 ACL acl-test
 1 permit icmp any any
 10 deny udp any any
 20 deny ip any any

Also, have a look at this document, maybe you will find something in there:

http://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/116044-nexus-7000-acl-capture-00.html

I already removed logging from the ACL, but it is still the same...

IPV4 ACL acl-test
        10 permit icmp any any
        20 permit udp any any eq 6999
        30 deny udp any any
        40 deny ip any any

P.S. I already read the document you provided, but it's for the N7K, so there's no 'acl-capture' type to use.
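One way to confirm from the capture side whether the SPAN filter is being applied at all (an added example, not part of the original thread): evaluate the last ACL posted above with first-match semantics and list the captured packets it would not have mirrored. It assumes, as the poster expects, that permit means "mirror" and deny means "do not mirror"; the packet summaries and function names are constructed for illustration.

```python
import re

# The poster's final ACL, copied from the thread.
ACL_TEXT = """\
10 permit icmp any any
20 permit udp any any eq 6999
30 deny udp any any
40 deny ip any any
"""

# Supports only the form used in the thread: seq action proto any any [eq dport] [log]
LINE_RE = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(\w+)\s+any\s+any(?:\s+eq\s+(\d+))?(?:\s+log)?\s*$")

def parse_acl(text):
    """Return rules as (seq, action, proto, dport_or_None), ordered by sequence number."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        seq, action, proto, port = m.groups()
        rules.append((int(seq), action, proto, int(port) if port else None))
    return sorted(rules, key=lambda r: r[0])

def verdict(rules, proto, dport=None):
    """First-match evaluation; a packet matching no rule hits the implicit deny."""
    for seq, action, rproto, rport in rules:
        if rproto not in ("ip", proto):
            continue  # protocol does not match this entry
        if rport is not None and rport != dport:
            continue  # entry is port-specific and the port differs
        return action, seq
    return "deny", None

def unexpected(rules, packets):
    """Packets seen on the SPAN destination that the ACL says should not be mirrored."""
    return [p for p in packets if verdict(rules, p["proto"], p.get("dport"))[0] == "deny"]

# Constructed sample: packet summaries as they might be exported from the capture on VM#2.
CAPTURE = [
    {"proto": "icmp"},
    {"proto": "udp", "dport": 6999},
    {"proto": "udp", "dport": 5000},
    {"proto": "tcp", "dport": 22},
]

if __name__ == "__main__":
    for pkt in unexpected(parse_acl(ACL_TEXT), CAPTURE):
        print("in capture despite deny:", pkt)
```

If this list is non-empty for a real capture, the filter is not taking effect on the session, which separates a switch-side problem from a mistake in the ACL entries themselves.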
