VACL capture ports Cisco IOS

From Teknologisk videncenter
Revision as of 08:51, 15 February 2017 by Heth (talk | contribs)

Cisco Catalyst 6000/6500 Running Cisco IOS Software

!<notice> Define the interesting traffic to be captured and sent to the analyser.</notice>
ip access-list extended HTTP_UDP_TRAFFIC
 permit tcp any host A.B.C.D eq www
 permit udp any host A.B.C.D
!<notice> --- A.B.C.D is a placeholder for the address of the host whose HTTP and UDP traffic you want to capture; substitute your own.</notice>
!<notice> Define an umbrella ACL to match all other traffic. It is needed because a VLAN access map drops every IP packet that matches none of its sequences: without this catch-all, sequence 10 would capture the HTTP and UDP traffic and the rest of the VLAN's traffic would be dropped.</notice>
ip access-list extended ALL_TRAFFIC
 permit ip any any
!<notice> Define the VLAN access map.</notice>
vlan access-map HTTP_UDP_MAP 10
 match ip address HTTP_UDP_TRAFFIC
 action forward capture
vlan access-map HTTP_UDP_MAP 20
 match ip address ALL_TRAFFIC
 action forward
!<notice> Apply the VLAN access map to the appropriate VLANs.</notice>
vlan filter HTTP_UDP_MAP vlan-list 100
!<notice> --- Here 100 is the ID of the VLAN on which the VACL is applied.</notice>
!<notice> Configure the capture port. Packets hit by an "action forward capture" sequence are forwarded normally and a copy is sent to every capture port whose allowed VLAN list contains the packet's VLAN, so the list below must include VLAN 100.</notice>
interface fa3/30
 switchport capture allowed vlan ?

  WORD    VLAN IDs of the allowed VLANs when this po
  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  remove  remove VLANs from the current list

 switchport capture allowed vlan 100

 switchport capture
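The two mistakes that silently break the setup above are an access map without the umbrella "forward" sequence (the implicit deny then drops all other traffic on the VLAN) and a capture port whose allowed VLAN list does not include the VLAN the filter is applied to (the analyser then sees nothing). The following script is an added example, not code from this page or from Cisco: it parses running-config style text and checks both conditions. It assumes unabbreviated keywords as in "show running-config" output, and the sample configuration embedded in it is the page's configuration with an assumed server address of 192.0.2.10.

```python
"""Lint a Cisco IOS VACL capture config (added example, not the page's own code).
Flags an access map lacking a trailing 'forward' of 'permit ip any any' (the
implicit deny then drops the rest of the VLAN) and a filtered VLAN that no
interface with 'switchport capture' is allowed to carry."""
import re
from collections import defaultdict

# Constructed sample: the page's configuration; 192.0.2.10 is an assumed address.
SAMPLE_CONFIG = """
ip access-list extended HTTP_UDP_TRAFFIC
 permit tcp any host 192.0.2.10 eq www
 permit udp any host 192.0.2.10
ip access-list extended ALL_TRAFFIC
 permit ip any any
vlan access-map HTTP_UDP_MAP 10
 match ip address HTTP_UDP_TRAFFIC
 action forward capture
vlan access-map HTTP_UDP_MAP 20
 match ip address ALL_TRAFFIC
 action forward
vlan filter HTTP_UDP_MAP vlan-list 100
interface FastEthernet3/30
 switchport capture allowed vlan 100
 switchport capture
"""


def expand_vlan_list(spec):
    """Expand an IOS vlan-list such as '100,200-202' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_config(text):
    """Return (acls, access_maps, filters, capture_ports) parsed from config text."""
    acls = defaultdict(list)         # ACL name -> [ACE strings]
    access_maps = defaultdict(dict)  # map name -> {seq: {"match": acl, "action": str}}
    filters = {}                     # map name -> set of VLAN IDs it is applied to
    capture_ports = {}               # interface -> {"allowed": set|"all", "enabled": bool}
    context = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):  # top-level command starts a new context
            context = None
            if m := re.match(r"ip access-list (?:extended|standard) (\S+)$", line):
                context = ("acl", m.group(1))
            elif m := re.match(r"vlan access-map (\S+) (\d+)$", line):
                context = ("map", m.group(1), int(m.group(2)))
            elif m := re.match(r"vlan filter (\S+) vlan-list (.+)$", line):
                filters.setdefault(m.group(1), set()).update(expand_vlan_list(m.group(2)))
            elif m := re.match(r"interface (\S+)$", line):
                context = ("intf", m.group(1))
                capture_ports.setdefault(m.group(1), {"allowed": "all", "enabled": False})
            continue
        stmt = line.strip()  # indented sub-command of the current context
        if context is None:
            continue
        if context[0] == "acl":
            acls[context[1]].append(stmt)
        elif context[0] == "map":
            entry = access_maps[context[1]].setdefault(context[2], {"match": None, "action": None})
            if m := re.match(r"match ip address (\S+)$", stmt):
                entry["match"] = m.group(1)
            elif m := re.match(r"action (.+)$", stmt):
                entry["action"] = m.group(1)
        elif context[0] == "intf":
            port = capture_ports[context[1]]
            if stmt == "switchport capture":
                port["enabled"] = True
            elif m := re.match(r"switchport capture allowed vlan (.+)$", stmt):
                port["allowed"] = "all" if m.group(1) == "all" else expand_vlan_list(m.group(1))
    return acls, access_maps, filters, capture_ports


def has_catch_all(acls, access_maps, map_name):
    """True if the map's last sequence forwards an ACL holding 'permit ip any any'."""
    seqs = access_maps.get(map_name, {})
    if not seqs:
        return False
    last = seqs[max(seqs)]
    forwards = (last["action"] or "").startswith("forward")
    return forwards and "permit ip any any" in acls.get(last["match"], [])


def capture_coverage_problems(access_maps, filters, capture_ports):
    """List (map, vlan) pairs where a capturing map is applied to a VLAN that no
    enabled capture port is allowed to carry, i.e. the analyser sees nothing."""
    problems = []
    enabled = [p for p in capture_ports.values() if p["enabled"]]
    for map_name, vlans in filters.items():
        if not any("capture" in (e["action"] or "") for e in access_maps.get(map_name, {}).values()):
            continue
        for vlan in sorted(vlans):
            if not any(p["allowed"] == "all" or vlan in p["allowed"] for p in enabled):
                problems.append((map_name, vlan))
    return problems
```

Run it against your own "show running-config" output and compare with what the switch reports in "show vlan access-map" and "show vlan filter"; a map that fails has_catch_all is the one to fix first, since applying it to a production VLAN takes that VLAN off the network for everything except the captured flows.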