Cisco Nexus and the acl-capture feature

We can SPAN only the traffic that matches an access-list. In this example we capture only packets with destination TCP port 80.

*I could not get an ACL that captures ICMP to work (permit icmp any any capture session 1).


hardware access-list capture

interface Ethernet2/4
  description ## HTTP capture traffic ##
  switchport
  switchport monitor
  no shutdown

monitor session 1 type acl-capture
  destination interface Ethernet2/4
  no shut

ip access-list acl-capture-1
  10 permit tcp any any eq www capture session 1
  20 permit ip any any

interface Vlan15
  ip access-group acl-capture-1 in
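As an added check (not part of the original post), this Python script parses the NX-OS configuration above as text and verifies that every `capture session N` ACE is wired to an existing acl-capture monitor session that is enabled, has a destination interface, and that the destination interface is in switchport monitor mode, and that `hardware access-list capture` is on. The sample configuration is a constructed copy of the one shown on this page.

```python
# Constructed sample: the acl-capture configuration shown on this page.
SAMPLE_CONFIG = """hardware access-list capture
interface Ethernet2/4
  switchport
  switchport monitor
  no shutdown
monitor session 1 type acl-capture
  destination interface Ethernet2/4
  no shut
ip access-list acl-capture-1
  10 permit tcp any any eq www capture session 1
  20 permit ip any any
interface Vlan15
  ip access-group acl-capture-1 in
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level NX-OS command."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.strip() and not raw.startswith(" "):
            current = raw.strip()
            blocks.setdefault(current, [])
        elif raw.strip() and current is not None:
            blocks[current].append(raw.strip())
    return blocks

def check_acl_capture(config):
    """Return wiring problems found in an acl-capture setup; [] means consistent."""
    blocks = parse_blocks(config)
    problems = [] if "hardware access-list capture" in blocks else ["hardware access-list capture is not enabled"]
    sessions = {cmd.split()[2]: lines for cmd, lines in blocks.items()
                if cmd.startswith("monitor session ") and cmd.endswith(" type acl-capture")}
    for cmd, lines in blocks.items():
        if not cmd.startswith("ip access-list "):
            continue
        for ace in (a for a in lines if " capture session " in a):
            sid = ace.rsplit(None, 1)[-1]  # session number at the end of the ACE
            if sid not in sessions:
                problems.append(f"{cmd}: '{ace}' references missing acl-capture session {sid}")
                continue
            dests = [ln.split()[-1] for ln in sessions[sid] if ln.startswith("destination interface ")]
            if not dests:
                problems.append(f"monitor session {sid} has no destination interface")
            for dest in dests:
                if "switchport monitor" not in blocks.get(f"interface {dest}", []):
                    problems.append(f"interface {dest} lacks 'switchport monitor'")
            if not any(ln in ("no shut", "no shutdown") for ln in sessions[sid]):
                problems.append(f"monitor session {sid} is shut")
    return problems
```

Run `check_acl_capture(SAMPLE_CONFIG)` against a `show running-config` export; an empty list means the capture chain is consistent.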

###

# sh monitor ses 1
session 1
—————
type : acl-capture
state : up
destination ports : Eth2/4

Note: Matching traffic sourced from the following interfaces
will not be captured to the destination port(s)
(source & destination on same replication engine):

Eth2/3 Eth2/4


Legend:
l = learning enabled
f = forwarding enabled
MCBE = multicast best effort
L3-TX = L3 Multicast Egress SPAN

# sh int e2/4 switchport

Name: Ethernet2/4
Switchport: Enabled
Switchport Monitor: Enabled
Operational Mode: access
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Allowed: 1-4094
FabricPath Topology List Allowed: 0
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none

** ref: Cisco configuration guide