Cisco 4500-X switch. Aiming to packet capture on a trunk port, using:
monitor capture mycap interface te2/1/5 out monitor capture mycap match any monitor capture mycap file location bootflash:mycap.cap monitor capture mycap start
results in a capture including only VLAN 1 traffic. So just switch-to-switch chatter like STP. Not what I want. I need traffic from (in this case) VLAN 300.
However if I do:
monitor capture mycap interface te2/1/5 out vlan 300 both monitor capture mycap match any monitor capture mycap file location bootflash:mycap.cap monitor capture mycap start
results in capture which includes all VLAN 300 traffic across the whole switch not just interface Te2/1/5. (This is way too much traffic to inspect, although it presumably includes what I want.)
Doing this results in similar, unwanted behaviour:
... interface te2/1/5 both vlan 300 both
How can I capture just VLAN 300 traffic on interface Te2/1/5 ?
FWIW I'm looking to capture presumed-errant broadcast traffic (or possibly multicast) so I can't capture based on IP addresses.
No comments:
Post a Comment