Difference between revisions of "VACL capture ports Cisco IOS"
From Teknologisk videncenter
Latest revision as of 07:51, 15 February 2017
Cisco Catalyst 6000/6500 Running Cisco IOS Software
<source lang=cli>
!<notice> Define the interesting traffic to be captured and sent to analysis.</notice>
ip access-list extended HTTP_UDP_TRAFFIC
permit tcp 10.20.20.128 0.0.0.127 host 10.10.10.101 eq www
permit udp any host 239.0.0.100
!<notice> Define an umbrella ACL to match all other traffic; without it, traffic not matched by the first sequence would be dropped by the access map's implicit deny.</notice>
ip access-list extended ALL_TRAFFIC
permit ip any any
!<notice> Define the VLAN access map.</notice>
vlan access-map HTTP_UDP_MAP 10
match ip address HTTP_UDP_TRAFFIC
action forward capture
!
vlan access-map HTTP_UDP_MAP 20
match ip address ALL_TRAFFIC
action forward
!<notice> Apply the VLAN access map to the appropriate VLANs.</notice>
vlan filter HTTP_UDP_MAP vlan-list 100
!<notice> Here 100 is the ID of the VLAN on which the VACL is applied.</notice>
!
!<notice> Configure the capture port.</notice>
int fa3/30
switchport capture allowed vlan ?
WORD    VLAN IDs of the allowed VLANs when this po
add     add VLANs to the current list
all     all VLANs
except  all VLANs except the following
remove  remove VLANs from the current list
switchport capture allowed vlan 100
switchport capture
!
</source>
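As an added example (not part of the original page and not a Cisco API), the following Python model evaluates a packet against the VACL above the way the switch does: Cisco wildcard-mask matching, first-match evaluation of the access-map sequences, the implicit deny after the last sequence, and the capture port's allowed-VLAN list. The ACL, access-map and VLAN tables are transcribed from the configuration; the packet dictionaries are constructed test input.

```python
import ipaddress

# Constructed model of the page's VACL. ACE fields:
# (protocol, src, src_wildcard, dst, dst_wildcard, dst_port or None)
ACLS = {
    "HTTP_UDP_TRAFFIC": [
        ("tcp", "10.20.20.128", "0.0.0.127", "10.10.10.101", "0.0.0.0", 80),
        ("udp", "0.0.0.0", "255.255.255.255", "239.0.0.100", "0.0.0.0", None),
    ],
    "ALL_TRAFFIC": [
        ("ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None),
    ],
}
# vlan access-map HTTP_UDP_MAP: ordered (sequence, acl, action set)
ACCESS_MAP = [
    (10, "HTTP_UDP_TRAFFIC", {"forward", "capture"}),
    (20, "ALL_TRAFFIC", {"forward"}),
]
VLAN_FILTER = {100}            # vlan filter HTTP_UDP_MAP vlan-list 100
CAPTURE_ALLOWED_VLANS = {100}  # switchport capture allowed vlan 100

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'do not care'; 0.0.0.0 means host."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def ace_matches(ace, pkt):
    """True if the access-control entry matches the packet's 5-tuple."""
    proto, src, swc, dst, dwc, dport = ace
    if proto != "ip" and proto != pkt["proto"]:
        return False
    if not (wildcard_match(pkt["src"], src, swc)
            and wildcard_match(pkt["dst"], dst, dwc)):
        return False
    return dport is None or pkt.get("dport") == dport

def vacl_actions(pkt):
    """Action set the access map applies to pkt; first matching sequence wins."""
    if pkt["vlan"] not in VLAN_FILTER:
        return {"forward"}   # VACL not applied on this VLAN
    for _seq, acl, actions in ACCESS_MAP:
        if any(ace_matches(ace, pkt) for ace in ACLS[acl]):
            return actions
    return {"drop"}          # implicit deny after the last sequence

def seen_on_capture_port(pkt):
    """True if a copy of pkt reaches fa3/30: captured and its VLAN is allowed."""
    return "capture" in vacl_actions(pkt) and pkt["vlan"] in CAPTURE_ALLOWED_VLANS
```

Traffic from outside 10.20.20.128/25, to a port other than 80, or on a VLAN without the filter is forwarded normally but never reaches the analysis port.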