Showing results for 
Search instead for 
Did you mean: 

trouble configuring VACL


I have a WS-C3850-48U switch running IOS ver 16.6.8


I'm trying to configure VACL to forward all traffic from a specific VLAN to a capture port.  The issues are the following  **I know that I can use SPAN but there is a reason I'm not**

  This is the command I'm trying to run 

vlan access-map SNIFFING 10
match ip address SNIFFING  **this is the name of my extended access list
action forward capture


The problem is that after I type "action forward" the only option I have is to hit return.  I cannot enter "capture"


Second problem is that I cannot set the interface as a capture port.

after entering switchport I cannot enter the word capture to set the interface as the capture port.


Any help would be greatly appreciated.


paul driver
VIP Expert VIP Expert
VIP Expert

To mirror (span) a vlan on a 3850 you would usually create a monitoring session not vacl,

example 1:  scr/dest same switch
monitor session x source interface vlan 10 
monitor session x destination interface x/x encapsulation replicate


monitor session x source interface x/x ( trunk-port)
monitor session x filter vlan 10
monitor session x destination interface x/x encapsulation replicate


example 2:  scr/dest same different switch

remote span

monitor session x source interface x/x 
monitor session x destination remote vlan 10

monitor session x source  remote vlan 10
monitor session x destination  interface x/x 


Can you show 
sh sdm prefer

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards

Thank you for your response but I'm trying to do this utilizing VACL.  I know how to do it using SPAN.

Georg Pauwen
VIP Master VIP Master
VIP Master



as far as I recall, the availability of the 'action forward capture' option is very much platform specific, I don't think the 3850 supports it. Can you configure the below on the capture interface to-be on the 3850 ?


3850r(config-if)# switchport capture

No I was not able to issue the switchport capture command on the interface.  Now I'm wondering if there is a list of the platforms that you can use the capture command on.



good question. I could not find a comprehensive list of supported platforms, the best you can usually find is the minimum IOS version that supports a command...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: