35-10
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 35 Configuring VLAN ACLs
Configuring VACLs
To configure a capture port, perform this task:
When configuring a capture port, note the following information:
• You can configure any port as a capture port.
• The vlan_list parameter can be a single VLAN ID or a comma-separated list of VLAN IDs or VLAN
ID ranges (vlan_ID–vlan_ID).
• To encapsulate captured traffic, configure the capture port with the switchport trunk
encapsulation command (see the “Configuring a Layer 2 Switching Port as a Trunk” section on
page 10-8) before you enter the switchport capture command.
• For unencapsulated captured traffic, configure the capture port with the switchport mode access
command (see the “Configuring a LAN Interface as a Layer 2 Access Port” section on page 10-14)
before you enter the switchport capture command.
• The capture port supports only egress traffic. No traffic can enter the router through a capture port.
This example shows how to configure a Fast Ethernet interface 5/1 as a capture port:
Router(config)# interface gigabitEthernet 5/1
Router(config-if)# switchport capture
Router(config-if)# end
This example shows how to display VLAN access map information:
Router# show vlan access-map mordred
Vlan access-map "mordred" 10
match: ip address net_10
action: forward capture
Router#
This example shows how to display mappings between VACLs and VLANs. For each VACL map, there
is information about the VLANs that the map is configured on and the VLANs that the map is active on.
A VACL is not active if the VLAN does not have an interface.
Router# show vlan filter
VLAN Map mordred:
Configured on VLANs: 2,4-6
Active on VLANs: 2,4-6
Router#
Command Purpose
Step 1
Router(config)# interface {{
type
1
slot/port
}
1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
Specifies the interface to configure.
Step 2
Router(config-if)# switchport capture allowed
vlan {add | all | except | remove}
vlan_list
(Optional) Filters the captured traffic on a
per-destination-VLAN basis. The default is all.
Router(config-if)# no switchport capture allowed
vlan
Clears the configured destination VLAN list and returns
to the default value (all).
Step 3
Router(config-if)# switchport capture
Configures the port to capture VACL-filtered traffic.
Router(config-if)# no switchport capture
Disables the capture function on the interface.
To Next Page
Loading...
