IP traffic capture is supported only on the Cisco 1841, Cisco 2800 series, and Cisco 3800 series integrated services routers.
Steps to configure RITE for local capture:
1. Create a capture profile:
Router(config)#ip traffic-export profile TEST mode capture
Router(conf-rite)#bidirectional
Router(conf-rite)#length [128|256|512]
Router(conf-rite)#incoming [access-list|sample]
Router(conf-rite)#outgoing [access-list|sample]
Router(conf-rite)#exit
2. Apply the RITE profile to an interface:
Router(config)#interface fastethernet 0/1
Router(config-if)#ip traffic-export apply TEST size [1024-2147483647]
3. Start capture:
Router# traffic-export interface fastEthernet 0/1 start
4. After desired period stop the capture:
Router# traffic-export interface fastEthernet 0/1 stop
5. Copy the capture file from the buffer to a TFTP/FTP server:
Router# traffic-export interface fastEthernet 0/1 copy [tftp|ftp]
Steps to configure RITE for export traffic to specific host:
1. Create a capture profile:
Router(config)#ip traffic-export profile TEST mode export
Router(conf-rite)#bidirectional
Router(conf-rite)#length [128|256|512]
Router(conf-rite)#incoming [access-list|sample]
Router(conf-rite)#outgoing [access-list|sample]
Router(conf-rite)#mac-address h.h.h (Host MAC address)
Router(conf-rite)#interface fastethernet 0/0 (Host interface)
Router(conf-rite)#exit
2. Apply the RITE profile to an interface:
Router(config)#interface fastethernet 0/1
Router(config-if)#ip traffic-export apply TEST
3. Start capture:
Router# traffic-export interface fastEthernet 0/1 start
4. After desired period stop the capture:
Router# traffic-export interface fastEthernet 0/1 stop
Notes:
incoming and outgoing are used t filter packets based on ACLs
No comments:
Post a Comment