Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
5
Replies

trouble configuring VACL

njconnect
Level 1
Level 1

‎01-17-2022 07:07 PM - edited ‎01-17-2022 07:08 PM

I have a WS-C3850-48U switch running IOS ver 16.6.8

 

I'm trying to configure VACL to forward all traffic from a specific VLAN to a capture port.  The issues are the following  **I know that I can use SPAN but there is a reason I'm not**

  This is the command I'm trying to run 

vlan access-map SNIFFING 10
match ip address SNIFFING  **this is the name of my extended access list
action forward capture

 

The problem is that after I type "action forward" the only option I have is to hit return.  I cannot enter "capture"

 

Second problem is that I cannot set the interface as a capture port.

after entering switchport I cannot enter the word capture to set the interface as the capture port.

 

Any help would be greatly appreciated.

Labels:
0 Helpful
5 Replies 5

paul driver
VIP
VIP

‎01-17-2022 10:05 PM - edited ‎01-18-2022 02:34 PM

Hello
To mirror (span) a vlan on a 3850 you would usually create a monitoring session not vacl,

example 1:  scr/dest same switch
monitor session x source interface vlan 10 
monitor session x destination interface x/x encapsulation replicate

or

monitor session x source interface x/x ( trunk-port)
monitor session x filter vlan 10
monitor session x destination interface x/x encapsulation replicate

 

example 2:  scr/dest same different switch
vlan10

remote span

sw1
monitor session x source interface x/x 
monitor session x destination remote vlan 10


sw2
monitor session x source  remote vlan 10
monitor session x destination  interface x/x 

 

Can you show 
sh sdm prefer


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

njconnect
Level 1
Level 1
In response to paul driver

‎01-19-2022 12:15 PM

Thank you for your response but I'm trying to do this utilizing VACL.  I know how to do it using SPAN.

0 Helpful

Georg Pauwen
VIP
VIP

‎01-17-2022 11:47 PM

Hello,

 

as far as I recall, the availability of the 'action forward capture' option is very much platform specific, I don't think the 3850 supports it. Can you configure the below on the capture interface to-be on the 3850 ?

 

3850r(config-if)# switchport capture

0 Helpful

njconnect
Level 1
Level 1
In response to Georg Pauwen

‎01-19-2022 12:16 PM

No I was not able to issue the switchport capture command on the interface.  Now I'm wondering if there is a list of the platforms that you can use the capture command on.

0 Helpful

Georg Pauwen
VIP
VIP
In response to njconnect

‎01-19-2022 12:37 PM

Hello,

 

good question. I could not find a comprehensive list of supported platforms, the best you can usually find is the minimum IOS version that supports a command...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card