[nsp] Cat6500 Span limits and VACL to capture

Steve Francis steve at expertcity.com
Mon May 24 10:43:53 EDT 2004 

Carles Fragoso i Mariscal wrote:

>- If I only want to capture traffic between host a.b.c.d and
>e.f.g.h as detailed on ACL, is a seq 20 on TESTING vlan access-map 
>necessary in order to allow the rest of the traffic being forwarded?
>  
>
Yes.  Otherwise the VACL is like other ACLs- implicit deny any at the end.

>- That means that if I would like to do two monitoring ports, the
>only way to limit visibility amongst them is filtering based on
>vlan, isn't it? swichport capture allowed vlan 10.
>  
>
Correct.

>Is there any kind of limitation on doing this kind of capture?
>  
>
AFAIK, Only that "When the log action is specified, dropped packets are 
logged in software. Only dropped IP packets can be logged"
And a caveat is that IP packets do not match MAC VACL filters.

>Sorry if it is a silly question but I was used to use span's 
>instead of capture vacl concept.
>
>Thanks in advance! ;)
>
>-- Carlos
>
>
>-----Mensaje original-----
>De: Steve Francis [mailto:steve at expertcity.com]
>Enviado el: lunes, 24 de mayo de 2004 5:03
>Para: Carles Fragoso i Mariscal
>CC: cisco-nsp at puck.nether.net
>Asunto: Re: [nsp] Cat6500 Span limits and VACL to capture
>
>
>Carles Fragoso i Mariscal wrote:
>
>  
>
>>Secondly, I have been told that there is a way of doing a L2 VACL that
>>allows to forward ACL-matched traffic to a span port. Anyone has done
>>it and could give me an example on that?
>>
>>I have tried defining an 'vlan access-map' and applying it with 'vlan 
>>filter' but I can't find the way of setting the destination span.
>>Is it possible to apply it on a L2 port instead of VLAN basis?
>> 
>>
>>    
>>
>switchport capture
>on the destination port.
>
>  
>
>>Thanks in advance to everyone,
>>____________________________________________________
>>         __
>>        / /          Carles Fragoso i Mariscal
>>  C E / S / C A   Communications & Operations Dept.
>>      /_/              <cfragoso at cesca.es>
>>
>>          Supercomputing Center of Catalonia
>>    	    CATalonia Neutral Internet eXchange
>>         Tlf: +34932056464  Fax: +34932056979
>>___________________________________________________
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
>>
>>    
>>
>
>
>  
>

More information about the cisco-nsp mailing list