Embedded Packet Capture Configuration Guide

Similar documents
Embedded Packet Capture Configuration Guide

Embedded Packet Capture Configuration Guide, Cisco IOS Release 15M&T

IP Addressing: Fragmentation and Reassembly Configuration Guide

IP Routing: ODR Configuration Guide, Cisco IOS Release 15M&T

Embedded Packet Capture

IP Addressing: Fragmentation and Reassembly Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)

NetFlow Configuration Guide

Flexible Netflow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Cisco Unified Communications Self Care Portal User Guide, Release

Software Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches)

IP Addressing: DNS Configuration Guide

Application Launcher User Guide

Cisco IOS Flexible NetFlow Command Reference

Cisco Discovery Protocol Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 920 Series)

Applying QoS Features Using the MQC

Cisco ASR 9000 Series Aggregation Services Router Netflow Command Reference, Release 4.3.x

Migration and Upgrade: Frequently Asked Questions

Cisco FindIT Plugin for Kaseya Quick Start Guide

IP Addressing: IPv4 Addressing Configuration Guide, Cisco IOS Release 12.4

Recovery Guide for Cisco Digital Media Suite 5.4 Appliances

IP Switching Configuring Fast Switching Configuration Guide Cisco IOS Release 15SY

IP Addressing: IPv4 Addressing Configuration Guide, Cisco IOS Release 15S

CPS UDC MoP for Session Migration, Release

Cisco TEO Adapter Guide for

Media Services Proxy Command Reference

Cisco TEO Adapter Guide for SAP Java

Cisco UCS Performance Manager Release Notes

Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007

Installation and Configuration Guide for Visual Voic Release 8.5

Cisco 1000 Series Connected Grid Routers QoS Software Configuration Guide

Cisco TEO Adapter Guide for Microsoft Windows

Cisco TelePresence FindMe Cisco TMSPE version 1.2

Cisco UCS Virtual Interface Card Drivers for Windows Installation Guide

Cisco CIMC Firmware Update Utility User Guide

Enterprise Chat and Supervisor s Guide, Release 11.5(1)

Cisco Discovery Protocol Configuration Guide, Cisco IOS Release 15M&T

Cisco Unified Communications Manager Device Package 8.6(2)( ) Release Notes

Access Switch Device Manager Template Configuration

Cisco Unified Communications Self Care Portal User Guide, Release 11.5(1)

Cisco Evolved Programmable Network System Test Topology Reference Guide, Release 5.0

Cisco Nexus 1000V for KVM Interface Configuration Guide, Release 5.x

Cisco Nexus 7000 Series NX-OS Virtual Device Context Command Reference

Cisco IOS Shell Command Reference

Cisco UC Integration for Microsoft Lync 9.7(4) User Guide

Cisco Jabber IM for iphone Frequently Asked Questions

TechNote on Handling TLS Support with UCCX

Cisco Connected Mobile Experiences REST API Getting Started Guide, Release 10.2

Release Notes for Cisco Virtualization Experience Client 2111/2211 PCoIP Firmware Release 4.0.2

SAML SSO Okta Identity Provider 2

Cisco Nexus 9000 Series NX-OS Virtual Machine Tracker Configuration Guide, Release 9.x

Cisco UCS Performance Manager Release Notes

Method of Procedure for HNB Gateway Configuration on Redundant Serving Nodes

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Cisco UCS Performance Manager Release Notes

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco Report Server Readme

Flow Sensor and Load Balancer Integration Guide. (for Stealthwatch System v6.9.2)

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 3.1

Cisco UCS Director API Integration and Customization Guide, Release 5.4

NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6

Cisco Jabber for Android 10.5 Quick Start Guide

Cisco StadiumVision Management Dashboard Monitored Services Guide

Host Upgrade Utility User Guide for Cisco UCS E-Series Servers and the Cisco UCS E-Series Network Compute Engine

Cisco Unified Contact Center Express Historical Reporting Guide, Release 10.6(1)

Cisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution

Cisco Unified Contact Center Express Historical Reporting Guide, Release 10.5(1)

Cisco Prime Home Device Driver Mapping Tool July 2013

Cisco UCS Director F5 BIG-IP Management Guide, Release 5.0

Validating Service Provisioning

Cisco Nexus 1000V for KVM REST API Configuration Guide, Release 5.x

Cisco Nexus 9000 Series NX-OS IP Fabric for Media Solution Guide, Release 7.0(3)I4(2)

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.7. User Guide July 2018

Enterprise Chat and Upgrade Guide, Release 11.6(1)

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Enterprise Chat and Administrator s Guide to System Console, Release 11.6(1)

Cisco Unified Communications Manager Device Package 10.5(1)( ) Release Notes

Secure Shell Configuration Guide, Cisco IOS XE Everest 16.6

VCS BSS/OSS Adaptor (BOA) 17.2 Release Notes

Cisco UCS C-Series IMC Emulator Quick Start Guide. Cisco IMC Emulator 2 Overview 2 Setting up Cisco IMC Emulator 3 Using Cisco IMC Emulator 9

Cisco TEO Adapter Guide for SAP ABAP

Cisco Nexus 3000 Series NX-OS Verified Scalability Guide, Release 7.0(3)I7(2)

IP Routing: RIP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3650 Switches)

Prime Service Catalog: UCS Director Integration Best Practices Importing Advanced Catalogs

Cisco IP Phone Agent User Guide

Cisco IOS XR Carrier Grade NAT Command Reference for the Cisco CRS Router, Release 5.2.x

IP Application Services Configuration Guide, Cisco IOS Release 15SY

Cisco CSPC 2.7x. Configure CSPC Appliance via CLI. Feb 2018

Release Notes for Cisco Unified Intelligence Center, Release 10.0(1)

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.0

MPLS: Layer 3 VPNs: Inter-AS and CSC Configuration Guide, Cisco IOS Release 15SY

Cisco Instant Connect MIDlet Reference Guide

Using NetFlow Sampling to Select the Network Traffic to Track

Flexible Netflow Configuration Guide, Cisco IOS Release 15S

Cisco Connected Grid Design Suite (CGDS) - Substation Workbench Designer User Guide

Cisco Unified Contact Center Express Release Notes 10.6(1)SU2

IP Multicast: Multicast Services Configuration Guide, Cisco IOS XE Release 3S

Cisco Prime Network Registrar IPAM MySQL Database Replication Guide

Cisco Proximity Desktop

Flexible NetFlow Full Flow support

Cisco Terminal Services (TS) Agent Guide, Version 1.0

Transcription:

Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com go trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R) 2018 Cisco Systems, Inc. All rights reserved.

CONTENTS CHAPTER 1 Read Me First 1 CHAPTER 2 Embedded Packet Capture Overview 3 Finding Feature Information 3 Prerequisites for Embedded Packet Capture 3 Restrictions for Embedded Packet Capture 4 Information About Embedded Packet Capture 4 Embedded Packet Capture Overview 4 Benefits of Embedded Packet Capture 4 Packet Data Capture 5 How to Implement Embedded Packet Capture 5 Managing Packet Data Capture 5 Monitoring and Maintaining Captured Data 7 Configuration Examples for Embedded Packet Capture 8 Managing Packet Data Capture 8 Monitoring and Maintaining Captured Data 8 Additional References 11 Feature Information for Embedded Packet Capture 11 iii

Contents iv

CHAPTER 1 Read Me First Important Information about Cisco IOS XE 16 Effective Cisco IOS XE Release 3.7.0E (for Catalyst Switching) and Cisco IOS XE Release 3.17S (for Access and Edge Routing) the two releases evolve (merge) into a single version of converged release the Cisco IOS XE 16 providing one release covering the extensive range of access and edge products in the Switching and Routing portfolio. Feature Information Use Cisco Feature Navigator to find information about feature support, platform support, and Cisco software image support. An account on Cisco.com is not required. Related References Cisco IOS Command References, All Releases Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation. To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service. 1

Read Me First 2

CHAPTER 2 Embedded Packet Capture Overview Embedded Packet Capture (EPC) provides an embedded systems management facility that helps in tracing and troubleshooting packets. This feature allows network administrators to capture data packets flowing through, to, and from a Cisco device. The network administrator may define the capture buffer size and type (circular, or linear), the maximum number of bytes of each packet to capture, and the direction of the traffic flow - ingress or egress, or both. The packet capture rate can be throttled using further administrative controls. For example, you can use the available options for filtering the packets to be captured using an Access Control List; and, optionally, further defined by specifying a maximum packet capture rate or by specifying a sampling interval. Finding Feature Information, on page 3 Prerequisites for Embedded Packet Capture, on page 3 Restrictions for Embedded Packet Capture, on page 4 Information About Embedded Packet Capture, on page 4 How to Implement Embedded Packet Capture, on page 5 Configuration Examples for Embedded Packet Capture, on page 8 Additional References, on page 11 Feature Information for Embedded Packet Capture, on page 11 Finding Feature Information Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Prerequisites for Embedded Packet Capture The Embedded Packet Capture (EPC) software subsystem consumes CPU and memory resources during its operation. You must have adequate system resources for different types of operations. Some guidelines for using the system resources are provided in the table below. 3

Restrictions for Embedded Packet Capture Embedded Packet Capture Overview Table 1: System Requirements for the EPC Subsystem System Resources Hardware Memory Diskspace Requirements CPU utilization requirements are platform dependent. The packet buffer is stored in DRAM. The size of the packet buffer is user specified. Packets can be exported to external devices. No intermediate storage on flash disk is required. Restrictions for Embedded Packet Capture Embedded Packet Capture (EPC) captures multicast packets only on ingress and does not capture the replicated packets on egress. From Cisco IOS XE Release 3.7S, Embedded Packet Capture is only supported on Advance Enterprise Krypto (K9) images. From Cisco IOS XE Release 3.9S, Embedded Packet Capture is available on the following images: IP Base Images Special Services Images Advance Security Images Advance IP Services Images Advance Enterprise Images Information About Embedded Packet Capture Embedded Packet Capture Overview Embedded Packet Capture (EPC) provides an embedded systems management facility that helps in tracing and troubleshooting packets. This feature allows network administrators to capture data packets flowing through, to, and from a Cisco device. The network administrator may define the capture buffer size and type (circular, or linear), the maximum number of bytes of each packet to capture, and the direction of the traffic flow - ingress or egress, or both. The packet capture rate can be throttled using further administrative controls. For example, you can use the available options for filtering the packets to be captured using an Access Control List; and, optionally, further defined by specifying a maximum packet capture rate or by specifying a sampling interval. Benefits of Embedded Packet Capture Ability to capture IPv4 and IPv6 packets in the device. Extensible infrastructure for enabling packet capture points. A capture point is a traffic transit point where a packet is captured and associated with a buffer. 4

Embedded Packet Capture Overview Packet Data Capture Facility to export the packet capture in packet capture file (PCAP) format suitable for analysis using any external tool. Methods to decode data packets captured with varying degrees of detail. Packet Data Capture Packet data capture is the capture of data packets that are then stored in a buffer. You can define packet data captures by providing unique names and parameters. You can perform the following actions on the capture: Activate captures at any interface. Apply access control lists (ACLs) or class maps to capture points. Note Network Based Application Recognition (NBAR) and MAC-style class map is not supported. Destroy captures. Specify buffer storage parameters such as size and type. The size ranges from 1 MB to 100 MB. The default buffer is linear; the other option for the buffer is circular. Specify any of the following limit options: duration - limit total duration of capture in seconds. every - limit capture to one in every nth packet. packet-len - limit the packet length to capture. packets - limit number of packets to capture. pps - limit number of packets per second to capture. Specify match criteria that includes information about the protocol, IP address or port address. How to Implement Embedded Packet Capture Managing Packet Data Capture SUMMARY STEPS 1. enable 2. monitor capture capture-name access-list access-list-name 3. monitor capture capture-name limit duration seconds 4. monitor capture capture-name interface interface-name both 5. monitor capture capture-name buffer circular size bytes 5

Managing Packet Data Capture Embedded Packet Capture Overview 6. monitor capture capture-name start 7. monitor capture capture-name export file-location/file-name 8. monitor capture capture-name stop 9. end DETAILED STEPS Step 1 Step 2 Command or Action enable Device> enable monitor capture capture-name access-list access-list-name Device# monitor capture mycap access-list v4acl Purpose Enables privileged EXEC mode. Enter your password if prompted. Configures a monitor capture specifying an access list as the core filter for the packet capture. Step 3 monitor capture capture-name limit duration seconds Configures monitor capture limits. Device# monitor capture mycap limit duration 1000 Step 4 monitor capture capture-name interface interface-name both Device# monitor capture mycap interface GigabitEthernet 0/0/1 both Configures monitor capture specifying an attachment point and the packet flow direction. Note To change the traffic direction from both to in (ingress direction), enter the no monitor capture capture-name interface interface-name out command. To change the traffic direction from both to out (egress direction), enter the no monitor capture capture-name interface interface-name in command. Step 5 monitor capture capture-name buffer circular size bytes Device# monitor capture mycap buffer circular size 10 Configures a buffer to capture packet data. Step 6 Step 7 monitor capture capture-name start Device# monitor capture mycap start monitor capture capture-name export file-location/file-name Starts the capture of packet data at a traffic trace point into a buffer. Exports captured data for analysis. 6

Embedded Packet Capture Overview Monitoring and Maintaining Captured Data Step 8 Step 9 Command or Action Device# monitor capture mycap export tftp://10.1.88.9/mycap.pcap monitor capture capture-name stop Device# monitor capture mycap stop end Device# end Purpose Stops the capture of packet data at a traffic trace point. Exits privileged EXEC mode. Monitoring and Maintaining Captured Data Perform this task to monitor and maintain the packet data captured. Capture buffer details and capture point details are displayed. SUMMARY STEPS 1. enable 2. show monitor capture capture-buffer-name buffer dump 3. show monitor capture capture-buffer-name parameter 4. debug epc capture-point 5. debug epc provision 6. exit DETAILED STEPS Step 1 Step 2 Command or Action enable Device> enable show monitor capture capture-buffer-name buffer dump Purpose Enables privileged EXEC mode. Enter your password if prompted. (Optional) Displays a hexadecimal dump of captured packet and its metadata. Step 3 Device# show monitor capture mycap buffer dump show monitor capture capture-buffer-name parameter (Optional) Displays a list of commands that were used to specify the capture. Step 4 Device# show monitor capture mycap parameter debug epc capture-point (Optional) Enables packet capture point debugging. 7

Configuration Examples for Embedded Packet Capture Embedded Packet Capture Overview Command or Action Purpose Step 5 Device# debug epc capture-point debug epc provision (Optional) Enables packet capture provisioning debugging. Step 6 Device# debug epc provision exit Exits privileged EXEC mode. Device# exit Configuration Examples for Embedded Packet Capture Managing Packet Data Capture The following example shows how to manage packet data capture: Device> enable Device# monitor capture mycap start Device# monitor capture mycap access-list v4acl Device# monitor capture mycap limit duration 1000 Device# monitor capture mycap interface GigabitEthernet 0/0/1 both Device# monitor capture mycap buffer circular size 10 Device# monitor capture mycap start Device# monitor capture mycap export tftp://10.1.88.9/mycap.pcap Device# monitor capture mycap stop Device# end Monitoring and Maintaining Captured Data The following example shows how to dump packets in ASCII format: Device# show monitor capture mycap buffer dump 0 0000: 01005E00 00020000 0C07AC1D 080045C0..^...E. 0010: 00300000 00000111 CFDC091D 0002E000.0... 0020: 000207C1 07C1001C 802A0000 10030AFA...*... 0030: 1D006369 73636F00 0000091D 0001..example... 1 0000: 01005E00 0002001B 2BF69280 080046C0..^...+...F. 0010: 00200000 00000102 44170000 0000E000....D... 0020: 00019404 00001700 E8FF0000 0000... 2 0000: 01005E00 0002001B 2BF68680 080045C0..^...+...E. 0010: 00300000 00000111 CFDB091D 0003E000.0... 0020: 000207C1 07C1001C 88B50000 08030A6E...n 8

Embedded Packet Capture Overview Monitoring and Maintaining Captured Data 0030: 1D006369 73636F00 0000091D 0001..example... 3 0000: 01005E00 000A001C 0F2EDC00 080045C0..^...E. 0010: 003C0000 00000258 CE7F091D 0004E000.<...X... 0020: 000A0205 F3000000 00000000 00000000... 0030: 00000000 00D10001 000C0100 01000000... 0040: 000F0004 00080501 0300... The following example shows how to display the list of commands used to configure the capture named mycap: Device# show monitor capture mycap parameter monitor capture mycap interface GigabitEthernet 1/0/1 both monitor capture mycap match any monitor capture mycap buffer size 10 monitor capture mycap limit pps 1000 The following example shows how to debug the capture point: Device# debug epc capture-point EPC capture point operations debugging is on Device# monitor capture mycap start *Jun 4 14:17:15.463: EPC CP: Starting the capture cap1 *Jun 4 14:17:15.463: EPC CP: (brief=3, detailed=4, dump=5) = 0 *Jun 4 14:17:15.463: EPC CP: final check before activation *Jun 4 14:17:15.463: EPC CP: setting up c3pl infra *Jun 4 14:17:15.463: EPC CP: Setup c3pl acl-class-policy *Jun 4 14:17:15.463: EPC CP: Creating a class *Jun 4 14:17:15.464: EPC CP: Creating a class : Successful *Jun 4 14:17:15.464: EPC CP: class-map Created *Jun 4 14:17:15.464: EPC CP: creating policy-name epc_policy_cap1 *Jun 4 14:17:15.464: EPC CP: Creating Policy epc_policy_cap1 of type 49 and client type 21 *Jun 4 14:17:15.464: EPC CP: Storing a Policy *Jun 4 14:17:15.464: EPC CP: calling ppm_store_policy with epc_policy *Jun 4 14:17:15.464: EPC CP: Creating Policy : Successful *Jun 4 14:17:15.464: EPC CP: policy-map created *Jun 4 14:17:15.464: EPC CP: creating filter for ANY *Jun 4 14:17:15.464: EPC CP: Adding acl to class : Successful *Jun 4 14:17:15.464: EPC CP: Setup c3pl class to policy *Jun 4 14:17:15.464: EPC CP: Attaching Class to Policy *Jun 4 14:17:15.464: EPC CP: Attaching epc_class_cap1 to epc_policy_cap1 *Jun 4 14:17:15.464: EPC CP: Attaching Class to Policy : Successful *Jun 4 14:17:15.464: EPC CP: setting up c3pl qos *Jun 4 14:17:15.464: EPC CP: DBG> Set packet rate limit to 1000 *Jun 4 14:17:15.464: EPC CP: creating action for policy_map epc_policy_cap1 class_map epc_class_cap1 *Jun 4 14:17:15.464: EPC CP: DBG> Set packet rate limit to 1000 *Jun 4 14:17:15.464: EPC CP: Activating Interface GigabitEthernet1/0/1 direction both *Jun 4 14:17:15.464: EPC CP: Id attached 0 *Jun 4 14:17:15.464: EPC CP: inserting into active lists *Jun 4 14:17:15.464: EPC CP: Id attached 0 *Jun 4 14:17:15.465: EPC CP: inserting into active lists *Jun 4 14:17:15.465: EPC CP: Activating Vlan *Jun 4 14:17:15.465: EPC CP: Deleting all temp interfaces *Jun 4 14:17:15.465: %BUFCAP-6-ENABLE: Capture Point cap1 enabled. *Jun 4 14:17:15.465: EPC CP: Active Capture 1 9

Monitoring and Maintaining Captured Data Embedded Packet Capture Overview Device# monitor capture mycap1 stop *Jun 4 14:17:31.963: EPC CP: Stopping the capture cap1 *Jun 4 14:17:31.963: EPC CP: Warning: unable to unbind capture cap1 *Jun 4 14:17:31.963: EPC CP: Deactivating policy-map *Jun 4 14:17:31.963: EPC CP: Policy epc_policy_cap1 *Jun 4 14:17:31.964: EPC CP: Deactivating policy-map Successful *Jun 4 14:17:31.964: EPC CP: removing povision feature *Jun 4 14:17:31.964: EPC CP: Found action for policy-map epc_policy_cap1 class-map epc_class_cap1 *Jun 4 14:17:31.964: EPC CP: cleanning up c3pl infra *Jun 4 14:17:31.964: EPC CP: Removing Class epc_class_cap1 from Policy *Jun 4 14:17:31.964: EPC CP: Removing Class from epc_policy_cap1 *Jun 4 14:17:31.964: EPC CP: Successfully removed *Jun 4 14:17:31.964: EPC CP: Removing acl mac from class *Jun 4 14:17:31.964: EPC CP: Removing acl from class : Successful *Jun 4 14:17:31.964: EPC CP: Removing all policies *Jun 4 14:17:31.964: EPC CP: Removing Policy epc_policy_cap1 *Jun 4 14:17:31.964: EPC CP: Removing Policy : Successful *Jun 4 14:17:31.964: EPC CP: Removing class epc_class_cap1 *Jun 4 14:17:31.965: EPC CP: Removing class : Successful *Jun 4 14:17:31.965: %BUFCAP-6-DISABLE: Capture Point cap1 disabled. *Jun 4 14:17:31.965: EPC CP: Active Capture 0 The following example shows how to debug the Embedded Packet Capture (EPC) provisioning: Device# debug epc provision EPC provisionioning debugging is on Device# monitor capture mycap start *Jun 4 14:17:54.991: EPC PROV: No action found for policy-map epc_policy_cap1 class-map epc_class_cap1 *Jun 4 14:17:54.991: EPC PROV: *Jun 4 14:17:54.991: Attempting to install service policy epc_policy_cap1 *Jun *Jun *Jun *Jun *Jun *Jun 4 14:17:54.992: EPC PROV: Attached service policy to epc idb subblock 4 14:17:54.992: EPC PROV: Successful. Create feature object 4 14:17:54.992: EPC PROV: 4 14:17:54.992: Attempting to install service policy epc_policy_cap1 4 14:17:54.992: EPC PROV: Successful. Create feature object 4 14:17:54.992: %BUFCAP-6-ENABLE: Capture Point cap1 enabled. Device# monitor capture mycap stop *Jun 4 14:18:02.503: EPC PROV: Successful. Remove feature object *Jun 4 14:18:02.504: EPC PROV: Successful. Remove feature object *Jun 4 14:18:02.504: EPC PROV: Destroyed epc idb subblock *Jun 4 14:18:02.504: EPC PROV: Found action for policy-map epc_policy_cap1 class-map epc_class_cap1 *Jun 4 14:18:02.504: EPC PROV: Deleting EPC action *Jun 4 14:18:02.504: EPC PROV: Successful. CLASS_REMOVE, policy-map epc_policy_cap1, class epc_class_cap1 *Jun 4 14:18:02.504: %BUFCAP-6-DISABLE: Capture Point cap1 disabled. 10

Embedded Packet Capture Overview Additional References Additional References Related Documents Related Topic Cisco IOS commands Embedded Packet Capture commands Document Title Cisco IOS Master Command List, All Releases Cisco IOS Embedded Packet Capture Command Reference Technical Assistance Description The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. Link http://www.cisco.com/cisco/web/support/index.html Feature Information for Embedded Packet Capture The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. 11

Feature Information for Embedded Packet Capture Embedded Packet Capture Overview Table 2: Feature Information for Embedded Packet Capture Feature Name Embedded Packet Capture Releases Cisco IOS XE Release 3.7S Feature Information Embedded Packet Capture (EPC) is an onboard packet capture facility that allows network administrators to capture packets flowing to, through, and from a device and to analyze them locally or save and export them for offline analysis using a tool such as Wireshark. This feature simplifies operations by allowing the devices to become active participants in the management and operation of the network. This feature facilitates better troubleshooting by gathering information about packet format. It also facilitates application analysis and security. The following commands were introduced or modified: debug epc, monitor capture (access list/class map), monitor capture (interface/control plane), monitor capture export, monitor capture limit, monitor capture start, monitor capture stop, and show monitor capture. 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback