[c-nsp] Monitoring HTTP / url access @10gig
Phil Mayers
p.mayers at imperial.ac.uk
Mon Oct 5 10:11:29 EDT 2009
Ge Moua wrote:
> What code are you running on the Sup720 (3bxl ? I assume) ??
12.2(33)SXI, but we've seen other problems on other versions; I don't
have an exhaustive list to hand.
The config is something along the lines of:

vlan access-map v6_capture 10
 match mac address PERMIT_ANY
 action forward capture

vlan access-map v4_capture 10
 match ip address WEB_TRAFFIC
 action forward capture
vlan access-map v4_capture 20
 match ip address PERMIT_ANY
 action forward

vlan filter v6_capture vlan-list 4000
vlan filter v4_capture vlan-list 4001

int Vlan4000
 description ipv6 upstream
 ipv6 address 2001:db8:100::1/126

int Vlan4001
 description ipv4 upstream
 ip address 192.0.2.1 255.255.255.252

int Te1/1
 switchport mode trunk
 switchport trunk allowed vlan 4000,4001

...now, this all *used* to work when we had:

int Vlan4000
 description layer2 only vlan, goes to ipv6 router
 no ip address
 mac packet-classify

...that latter line is *ABSOLUTELY* necessary, as is the no-IP SVI. Once
we moved the routing onto the 6500, no combination of config would make
VACL capture the ipv6.
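
Added example, not part of the original post and not Cisco tooling: a Python check that reads a running-config and flags (a) a `vlan filter` that names an access-map which is not defined, and (b) a MAC-match capture map applied to a VLAN whose SVI is routed or lacks `mac packet-classify`. Check (b) encodes the report in this message as a heuristic, not a documented platform rule; `audit`, `expand`, the finding labels, the case-sensitive name comparison and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample (not the poster's config): VLAN 4000 has a routed IPv6 SVI,
# and the second filter names a map that differs from any defined one by case.
SAMPLE = """\
vlan access-map v6_capture 10
 match mac address PERMIT_ANY
 action forward capture
vlan filter v6_capture vlan-list 4000
vlan filter V4_capture vlan-list 4001
interface Vlan4000
 ipv6 address 2001:db8:100::1/126
"""

# Sub-command patterns that set a flag on the enclosing section.
RULES = [("mac", r"match mac address "), ("capture", r"action .*\bcapture\b"),
         ("routed", r"(ip|ipv6) address \S"), ("classify", r"mac packet-classify$")]

def expand(vlan_list):  # '4000,4002-4004' -> {4000, 4002, 4003, 4004}
    spans = (p.partition("-") for p in vlan_list.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def audit(config):
    """Return (finding, subject) tuples. Assumes 'show run' style indentation."""
    maps, svis, filters, section = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":                      # top-level line opens a new section
            section = None
            if m := re.match(r"vlan access-map (\S+) \d+$", line):
                section = maps.setdefault(m[1], {"mac": False, "capture": False})
            elif m := re.match(r"int(?:erface)?\s+Vlan(\d+)$", line, re.I):
                section = svis.setdefault(int(m[1]), {"routed": False, "classify": False})
            elif m := re.match(r"vlan filter (\S+) vlan-list (\S+)$", line):
                filters.append((m[1], expand(m[2])))
        elif section is not None:
            for key, pattern in RULES:
                if key in section and re.match(pattern, line):
                    section[key] = True
    findings = []
    for name, vlans in filters:
        vmap = maps.get(name)                   # assumption: names are case-sensitive
        if vmap is None:
            findings.append(("undefined-map", name))
        elif vmap["mac"] and vmap["capture"]:   # MAC-based capture, as in the post
            for vid in sorted(vlans):
                svi = svis.get(vid, {"routed": False, "classify": False})
                if svi["routed"] or not svi["classify"]:
                    findings.append(("mac-capture-at-risk", vid))
    return findings
```
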