1-6
Cisco ASA Series CLI Configuration Guide
Chapter 1 Troubleshooting
Capturing Packets
hostname (cfg-cluster)# cluster exec copy /pcap capture: cap_name
tftp://location/path/filename.pcap
Multiple PCAP files, one from each unit, are copied to the TFTP server. The destination capture file
name is automatically attached with the unit name, such as filename_A.pcap, filename_B.pcap, and so
on. In this example, A and B are cluster unit names. A different destination name is generated if you add
the unit name at the end of the filename.
To enable cluster-wide capture on a specified interface, you can add the cluster exec keywords in front
of each of the commands shown in the examples. These capture commands can only be replicated from
the master unit to the slave units. However, you can still configure a capture on the specified interface
for the local unit using any of these capture commands.
Examples
The following example shows how to create a cluster-wide LACP capture:
hostname (config)# cluster exec capture lacp type lacp interface gigabitEthernet0/0
The following example shows how to create a capture for control path packets in the clustering link:
hostname (config)# capture cp interface cluster match udp any eq 49495 any
hostname (config)# capture cp interface cluster match udp any any eq 49495
The following example shows how to create a capture for data path packets in the clustering link:
hostname (config)# access-list cc1 extended permit udp any any eq 4193
hostname (config)# access-list cc1 extended permit udp any eq 4193 any
hostname (config)# capture dp interface cluster access-list ccl
The following example shows how to capture data path traffic through the cluster:
hostname (config)# capture abc interface inside match tcp host 1.1.1.1 host 2.2.2.2 eq www
hostname (config)# capture abc interface inside match udp host 1.1.1.1 any
hostname (config)# capture abc interface inside access-list xxx
The following example shows how to capture logical update messages for flows that match the real
source to the real destination, and capture packets forwarded over CCL that match the real source to the
real destination:
hostname (config)# access-list dp permit ip real_src real_dst
The following example shows how to capture a certain type of data plane message, such as icmp echo
request/response, that is forwarded from one ASA to another ASA using the match keyword or the
access list for the message type:
hostname (config)# capture capture_name interface cluster access-list match icmp any any
The following example shows how to create a capture by using access list 103 on a cluster control link:
hostname (config)# access-list 103 permit ip A B
hostname (config)# capture example1 interface cluster access-list 103
In the previous example, if A and B are IP addresses for the CCL interface, only the packets that are sent
between these two units are captured.
If A and B are IP addresses for through-device traffic, then the following is true:
• Forwarded packets are captured as usual, provided the source and destination IP addresses are
matched with the access list.
To Next Page
Loading...
Need help?
General
