ACLs can match based on granular IP- or MAC-based parameters,including L4 protocol and port numbers, packet length, etc.Sizeable pool of hardware resources available for classification -64K CL TCAM entries.Nexus 7000 ACLs enforced by hardware forwarding engine at wire rate.However, this limitation can be avoided with a use of ACL logging to sample specific packets from data plane. The Ethanalyzer captures only traffic on CPU, so seems as unsuitable solution for the data plane traffic analysis. Switch# ethanalyzer local interface inband capture-filter " ip proto 89" limit-captured-frames 0 write logflash:ospf.pcapĪCLs and Ethanalyzer for Data Plane Sampling Nexus7000# ethanalyzer local read bootflash:sniff_capture Read the ethanalyzer ouput from a file on bootflash: (You can also add a “pipe” to the end): Nexus7000# ethanalyzer local interface inband write bootflash:sniff_captureĢ. Write the ethanalyzer ouput to a file on bootflash: Ip.src=x.x.x.x, frame.len > x, = Ĭaptured packet data can be written to different locations for easy debugging:īootflash:, logflash:, slot0:, usb1:, usb2:, volatile:ġ. display-filter: standard wireshark display filter syntax Tcp/udp port, src/dst portrange, src/dst port, src/dst host, src/dst net, less/greater, vlan etc …Ģ. capture-filter: standard tcmdump capture filter syntax See the Wireshark weekly tips for helpful hints on using the tool.ġ. Opens the captured data file and analyzes it.Įthanalyzer does not capture data traffic that Cisco NX-OS forwards in the hardware but you can use ACLs with log option as a workaround (see the corresponding paragraph below).Įthanalyzer uses the same capture filter syntax as tcpdump and uses the Wireshark display filter syntax. To configure Ethanalyzer, use the following commands:Ĭaptures packets sent or received by the supervisor and provides detailed protocol information.Ĭaptures packets sent or received by the supervisor and provides detailed protocol information in the inband and outband interfaces.Ĭaptures packets sent or received by the supervisor and provides detailed protocol information in the management interfaces.Įthanalyzer local interface write This document covers configuration of Ethanalyzer, examples of its implementation and Ethanalyzer usage together with ACLs "log" option to sniff data plane traffic. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic. Ethanalyzer is a command-line version of Wireshark that captures and decodes packets. ACLs and Ethanalyzer for Data Plane SamplingĮthanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code.File logging limitations and enhancements.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |