rtr1841#monitor capture buffer FOO size 1000 Here’s a sample showing setting up a buffer,a capture point, associating them, and capturing CEF packets in an 1841 router. No (but you didn’t really want hex, did you?) SPAN from VLAN, ACL, MAC, specific Ethertype, etc.Ĭontrol plane packets only (to/from device)
Please comment if you find differently.ĬEF or process-switched, interface(s) or to device Caveat: I’ve done the best I can tell from the documentation, in cases where I don’t have the hardware handy. Here’s a table I pulled together summarizing what these packet capture tools do. But you probably don’t want to be running code that old anyway!Įthanalyzer is control plane only. I’m not readily finding information about what code release it first appeared in. packets dropped by an access list (ACL).Įthanalyzer has been in NX-OS on the Nexus platforms for a while. There are some caveats about what is not captured, e.g. (See the first link below.) The Fine Manual says works in 12.2(33)SXI for the 6500.Ĭat 4500X-32, Sup 7E, 7LE and Sup 8, running Cisco IOS Release XE 3.3.0SG or later code. It apparently operated in router IOS 12.4(20)T and later. This feature dates back a while, reportedly operates in Cisco 6500 switches running Catalyst 6500/7600 IOS 12.2(33)SXI or later. Looking at the last reference below, it appears the name EPC is shared but the actual syntax and capabilities differ between the platforms. And it works in the 6500 switches as of IOS 12.2(33) SXI, on the 7600 as of 12.2(33) SRD.ĮPC apparently replaces / improves on RITE (Router IP Traffic Export), which was in the ISR G1 routers in previous code. It also works in the ASR1K, IOS-XE 3S release. Let’s dig right in with EPC… IOS Embedded Packet Capture (EPC)ĮPC is supported in ISR and 7200 routers, in code releases 12.4(20) T and later. Packet capture is not a feature I use very often, so there’s been progress that I (and you!) might not have been aware of. I’m writing this blog as I’ve been exploring the packet capture side of Cisco devices as CCIE recert prep (EPC, WireShark Trace Analyzer). That’s also the bad news: there are many different ways to do differing degrees of capture, depending on the device type! No doubt this is a side effect of the independent and somewhat Darwinian nature of product groups within Cisco.
The good news is that there are lots of ways to capture packets on Cisco device.
0 kommentar(er)
