On Thu, 2013-03-14 at 17:38 +0100, "Rolf Hanßen" wrote:
> I saw there was already a discussion concerning that topic, but 5
> years old:
> http://www.gossamer-threads.com/lists/cisco/nsp/78543
> Is there maybe some new tcpdump-style debugging feature available to
> provide such functions beside the suggested "debug ip packet"?

Take a look at "monitor session <N> type capture".

> 1) I like to view traffic on a certain physical interface or switched
> vlan. I would like to see all packets and not a specific protocol or
> IP range.
> As far as I see I cannot specify an interface in an ACL but the "debug
> ip packet" only allows ACLs for filtering as far as I see.

SPAN capture can use an ACL.

Switch(config)#monitor session 2 type capture
Switch(config-mon-capture)#?
Monitor sess type capture config commands:
  buffer-size  Capture buffer size
  description  Properties for this session
  exit         Exit from capture session mode
  filter       Capture filter
  no           Negate a command or set its defaults
  rate-limit   Packets per second value
  source       SPAN source Interface/VLAN

Switch(config-mon-capture)#filter ?
  access-group  Filter access-list (hardware based)
  ethertype     Matching ethertype (software based)
  length        Matching L2-packet length (software based)
  mac-address   Matching mac-address (software-based)
  vlan          Filter vlan (hardware based)

> 2) I like to debug an IP connection and limit to a certain amount of
> packets (like "show me the next 20 packets from/to host x.x.x.x").
> Can you tell me what bandwidth or pps I have to take into
> consideration to avoid overload ?

This too:

Switch#monitor capture start for ?
  <1-4294967295>  Seconds or number of packets

> To understand better what I do before typing it in on a 10G+ box:
> "debug ip packet ..." redirects the packets to the Management CPU and
> everything filtered with an ACL leads into only packets matching ACL
> are forwarded to the CPU, everything else is handled by the DFC/CFC
> +PFC only like usual.
> Correct ?

I don't think that's the case for "debug ip packet" but it is for SPAN
capture; it's hardware filtering for ACLs.

> I'm looking for a way that works without exporting stuff to another box
> and low risk to overload CPU (live environment).

The captured traffic is handled by the processor, but only after
filtering from the session if using ACLs.

> Hardware in my case are several Sup720-3B, Sup720-3BXL or Sup2T with
> 67xx linecards.
> If there are special software revisions needed, please let me know.

It seems that SPAN capture isn't available in SXF but is in SXI. It
probably also is in SXH. Maybe certain older HW releases can't do SPAN
capture but at least revision 4.0 and newer (2004/2005-ish) seem to
support it.

-- 
Peter

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
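
The commands from the reply above, put together as one capture session for the "next 20 packets from/to host x.x.x.x" case. This is an added example, not part of the original post: the host address (192.0.2.10, a documentation address), ACL number 150, the interface name and the rate-limit and buffer-size values are assumptions, and the unit keyword after the packet count should be confirmed with "?" on the target release.

```cisco
! Constructed example; addresses, ACL number, interface and limits are assumptions.
configure terminal
 ! Match only traffic to or from the host of interest. The post states that
 ! the access-group filter is hardware based, so non-matching packets are
 ! not handed to the processor.
 access-list 150 permit ip host 192.0.2.10 any
 access-list 150 permit ip any host 192.0.2.10
 !
 monitor session 2 type capture
  description capture-host-192.0.2.10
  source interface TenGigabitEthernet1/1 both
  filter access-group 150
  ! Cap what reaches the processor even if the ACL matches more than expected.
  rate-limit 1000
  buffer-size 2048
 end
!
! Stop after 20 packets ("monitor capture start for ?" lists the units).
monitor capture start for 20 packets
!
! Inspect the captured packets on the box, without exporting them.
show monitor capture buffer
!
! Remove the session when finished so nothing keeps copying traffic.
configure terminal
 no monitor session 2
 end
```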
