<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3243" name=GENERATOR></HEAD>
<BODY>
<DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008><SPAN class=167520601-19032008>Hi
Guys,</SPAN></SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008><SPAN
class=167520601-19032008></SPAN></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008><SPAN class=167520601-19032008>Playing around with VACL
on a 6500 and trying to capture port 80 traffic on vlan 11 and send this to
capture port g5/1.</SPAN></SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008><SPAN
class=167520601-19032008></SPAN></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008><SPAN class=167520601-19032008>My config is below.
</SPAN></SPAN></FONT><FONT face=Arial size=2><SPAN
class=470394707-18032008><SPAN class=167520601-19032008>It's basically taken
from a guide by Cisco.</SPAN></SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008><STRONG><SPAN
class=167520601-19032008></SPAN></STRONG></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT><SPAN class=470394707-18032008><SPAN
class=167520601-19032008>
<DIV><FONT face=Arial color=#000000 size=2><A
title=http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html
href="http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html"><STRONG>http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html</STRONG></A></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=167520601-19032008><FONT face=Arial size=2>My problem is that
we aren't seeing any traffic being captured on the capture
port.</FONT></SPAN></DIV>
<DIV><SPAN class=167520601-19032008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=167520601-19032008><FONT face=Arial size=2>We aren't seeing any
counters increasing when viewing the extended access list of HTTP_TRAFFIC and
VLAN11_TRAFFIC - BUT if we accidentally remove HTTP_CAPTURE 20 (permit ip any
any), our network dies because it's now only letting WWW traffic through so I'm
thinking the VACL is working but for some reason it's not sending captured
packets to the capture port. Any ideas???</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></SPAN></SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008><STRONG>1/ Define the interesting
traffic.</STRONG></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008>ip access-list extended HTTP_TRAFFIC<BR>permit tcp any
any eq www</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial size=2><SPAN
class=470394707-18032008>ip access-list extended VLAN11_TRAFFIC<BR>permit ip any
any</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV><FONT color=#0000ff><SPAN
class=470394707-18032008>
<DIV dir=ltr align=left><STRONG><FONT face=Arial color=#000000 size=2>2/ Define
the VLAN access map.</FONT></STRONG></DIV>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#000000 size=2>vlan access-map
HTTP_CAPTURE 10<BR>match ip address HTTP_TRAFFIC<BR>action forward
capture</FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#000000 size=2>vlan access-map
HTTP_CAPTURE 20<BR>match ip address VLAN11_TRAFFIC<BR>action
forward</FONT></DIV>
<DIV><BR><STRONG><FONT face=Arial color=#000000 size=2>3/ Apply the VLAN access
map to the appropriate VLANs.</FONT></STRONG></DIV>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#000000 size=2>vlan filter
HTTP_CAPTURE vlan-list 11</FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr align=left><STRONG><FONT face=Arial color=#000000 size=2>4/
Configure the Capture Port.</FONT></STRONG></DIV>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#000000 size=2>int
g5/1<BR>switchport capture allowed vlan 11<BR>switchport capture</FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#000000
size=2></FONT> </DIV>
<DIV dir=ltr align=left><SPAN class=167520601-19032008><FONT face=Arial
color=#000000 size=2>Thanks.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=167520601-19032008><FONT face=Arial
color=#000000 size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=167520601-19032008><FONT face=Arial
color=#000000 size=2>Andy</DIV></FONT></SPAN></SPAN></FONT></DIV></BODY></HTML>
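An added example, not part of the original message or of Cisco's guide: a static cross-check in Python of the four configuration steps in the message. The function names are hypothetical, the check assumes a single capture port, and it treats a missing `switchport capture allowed vlan` line as allowing all VLANs (assumed default).

```python
import re
# The configuration from the post as one text (indentation added for readability).
POSTED_CONFIG = """ip access-list extended HTTP_TRAFFIC
 permit tcp any any eq www
ip access-list extended VLAN11_TRAFFIC
 permit ip any any
vlan access-map HTTP_CAPTURE 10
 match ip address HTTP_TRAFFIC
 action forward capture
vlan access-map HTTP_CAPTURE 20
 match ip address VLAN11_TRAFFIC
 action forward
vlan filter HTTP_CAPTURE vlan-list 11
int g5/1
 switchport capture allowed vlan 11
 switchport capture"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '11,20-22' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def lint_vacl_capture(config):
    """Cross-check ACLs, access map, VLAN filter and capture port (one port assumed)."""
    acls, matched, cap_maps, filtered = set(), set(), set(), {}
    allowed, enabled, current_map = None, False, None  # None: all VLANs (assumed default)
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)", line):
            acls.add(m[1])
        elif m := re.match(r"vlan access-map (\S+) \d+", line):
            current_map = m[1]
        elif m := re.match(r"match ip address (\S+)", line):
            matched.add(m[1])
        elif line.startswith("action") and "capture" in line.split():
            cap_maps.add(current_map)
        elif m := re.match(r"vlan filter (\S+) vlan-list (\S+)", line):
            filtered[m[1]] = expand_vlans(m[2])
        elif m := re.match(r"switchport capture allowed vlan (\S+)", line):
            allowed = (allowed or set()) | expand_vlans(m[1])
        elif line == "switchport capture":
            enabled = True
    issues = [f"ACL {a} is matched but not defined" for a in sorted(matched - acls)]
    if not enabled:
        issues.append("no port has 'switchport capture' enabled")
    for name, vlans in filtered.items():
        if name not in cap_maps:
            issues.append(f"access map {name} has no clause with the capture action")
        elif allowed is not None and (missing := sorted(vlans - allowed)):
            issues.append(f"captured VLANs {missing} not allowed on a capture port")
    return issues
```

It returns an empty list for the posted configuration, meaning the names and VLAN numbers line up as text; it says nothing about the operational state of the port.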