I applied the monitor capture as listed below - c4500. However, I am only able to see one-way communication, meaning only traffic leaving the source IP defined in ACL, but no incoming traffic is seen on the capture.
ip access-list extended MonCapTest permit ip host 188.8.131.52 host 184.108.40.206
Instead of using the Vlan111 interface, I applied monitor capture on the interface hosting device with IP 220.127.116.11 resulting in the same output.
Status Information for Capture test Target Type: Interface: Vlan111, Direction: both Status : Active Filter Details: Access-list: MonCapTest File Details: File not associated Buffer Details: Buffer Type: CIRCULAR Buffer Size (in MB): 10 Limit Details: limit not set
Extract of capture - 18.104.22.168 is pinging 22.214.171.124, which is member of VLAN 111:
==>ping requests are missing on packet capture; I was expecting that RX and TX are captured.
Hi, I was looking for another issue and stumbled upon this one ... probably already resolved but I have a feeling the Access List is the bottle neck ... you have chosen specific SRC and DST IP Addresses which means that only packets with SRC 126.96.36.199 and DST 188.8.131.52 will be recorded ... but not SRC 184.108.40.206 / DST 220.127.116.11 on the way back. The Monitor Capture for BOTH ways is fine, just edit the Access List to also capture the SRC & DST of the Packet on it's way back