VACL capture ports Cisco IOS
From Teknologisk videncenter
! Define the interesting traffic to be captured and sent to analysis.
ip access-list extended HTTP_UDP_TRAFFIC
permit tcp 10.20.20.128 0.0.0.127 host 10.10.10.101 eq www
permit udp any host 239.0.0.100
! Define an umbrella ACL to map all other traffic.
ip access-list extended ALL_TRAFFIC
permit ip any any
! Define the VLAN access map.
vlan access-map HTTP_UDP_MAP 10
match ip address HTTP_UDP_TRAFFIC
action forward capture
!
vlan access-map HTTP_UDP_MAP 20
match ip address ALL_TRAFFIC
action forward
! Apply the VLAN access map to the appropriate VLANs.
vlan filter HTTP_UDP_MAP vlan-list 100
! Here 100 is the ID of the VLAN on which the VACL is applied.
!
! Configure the capture port.
int fa3/30
switchport capture allowed vlan ?
WORD VLAN IDs of the allowed VLANs when this po
add add VLANs to the current list
all all VLANs
except all VLANs except the following
remove remove VLANs from the current list
switchport capture allowed vlan 100
switchport capture
!
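A VLAN access map drops IP traffic that matches none of its sequences, which is why the configuration above ends with the ALL_TRAFFIC sequence. The following check is an added example, not part of the original page: it reads such a configuration and reports a missing capture action, a missing catch-all forward sequence, or a filtered VLAN that the capture port does not allow. The names `expand`, `lint_vacl` and `SAMPLE` are hypothetical, and the parser only understands the commands used on this page.

```python
# Constructed sample: this page's configuration without the CLI help output.
import re
SAMPLE = """\
ip access-list extended HTTP_UDP_TRAFFIC
 permit tcp 10.20.20.128 0.0.0.127 host 10.10.10.101 eq www
ip access-list extended ALL_TRAFFIC
 permit ip any any
vlan access-map HTTP_UDP_MAP 10
 match ip address HTTP_UDP_TRAFFIC
 action forward capture
vlan access-map HTTP_UDP_MAP 20
 match ip address ALL_TRAFFIC
 action forward
vlan filter HTTP_UDP_MAP vlan-list 100
interface FastEthernet3/30
 switchport capture allowed vlan 100
"""

def expand(vlans):
    """Expand an IOS VLAN list such as '100,200-202' into a set of ints."""
    pairs = (p.partition("-") for p in vlans.split(","))
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def lint_vacl(config):
    """Return findings for a VACL capture setup; an empty list means none."""
    acls, maps, filters, allowed, findings, acl, seq = {}, {}, {}, set(), [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)$", line):
            acl = acls.setdefault(m[1], [])
        elif line.startswith(("permit ", "deny ")):
            acl.append(line)
        elif m := re.match(r"vlan access-map (\S+) (\d+)$", line):
            seq = maps.setdefault(m[1], {}).setdefault(int(m[2]), {})
        elif m := re.match(r"(match ip address|action) (.+)$", line):
            seq[m[1]] = m[2]
        elif m := re.match(r"vlan filter (\S+) vlan-list (\S+)$", line):
            filters[m[1]] = expand(m[2])
        elif m := re.match(r"switchport capture allowed vlan ([\d,-]+)$", line):
            allowed |= expand(m[1])
    for name, vlans in filters.items():
        seqs = [s for _, s in sorted(maps.get(name, {}).items())]
        if not any("capture" in s.get("action", "") for s in seqs):
            findings.append(f"{name}: no sequence uses the capture option")
        if not any(s.get("action", "").startswith("forward") and "permit ip any any"
                   in acls.get(s.get("match ip address"), []) for s in seqs):
            findings.append(f"{name}: no forward sequence matches all IP traffic")
        if missing := vlans - allowed:
            findings.append(f"{name}: capture port does not allow VLANs {sorted(missing)}")
    return findings
```

`lint_vacl(SAMPLE)` returns an empty list for the configuration on this page; removing sequence 20 or widening the `vlan-list` produces a finding.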