VACL capture ports Cisco IOS

From Teknologisk videncenter
Revision as of 07:51, 15 February 2017 by Heth (talk | contribs)
Jump to: navigation, search
!<notice> Define the interesting traffic to be caputured and sent to analysis.</notice>
ip access-list extended HTTP_UDP_TRAFFIC
 permit tcp 10.20.20.128 0.0.0.127 host  10.10.10.101 eq www
 permit udp any host 239.0.0.100
!<notice> Define an umberlla ACL to map all other traffic.</notice>
ip access-list extended ALL_TRAFFIC
 permit ip any any
!<notice> Define the VLAN access map.</notice>
vlan access-map HTTP_UDP_MAP 10
 match ip address HTTP_UDP_TRAFFIC
 action forward capture
!
vlan access-map HTTP_UDP_MAP 20
 match ip address ALL_TRAFFIC
 action forward
!<notice> Apply the VLAN access map to the appropriate VLANs.</notice>
vlan filter HTTP_UDP_MAP vlan-list  100
!<notice> --- Here 100 is the ID of VLAN on which the VACL is applied.</notice>
!
!<notice> Configure the Capture Port.</notice>
int fa3/30
 switchport capture allowed vlan ?

  WORD    VLAN IDs of the allowed VLANs when this po
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  remove  remove VLANs from the current list

 switchport capture allowed vlan 100

 switchport capture
!

Links