本文档介绍如何使用以太网数据包捕获(EPC)功能来捕获进程交换、本地生成或思科快速转发(CEF)传输的数据包。管理引擎2T(Sup2T)不支持CPU带内交换机端口分析器(SPAN)捕获。
思科建议您了解EPC功能和由于Catalyst 6500系列交换机上的中断而导致的高CPU利用率。
本文档中的信息基于在Sup2T上运行的Cisco Catalyst 6500系列交换机。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。
这是初始配置。
6500#monitor capture buffer CAP_BUFFER
! Create a capture buffer
6500#monitor capture point ip cef CEF_PUNT punt
! Create capture point for cef punted traffic
6500#monitor capture point ip process-switched PROCESS_SW both
! Create capture point for process switched traffic
6500#monitor capture point ip process-switched LOCAL_TRAFFIC from-us
! Create capture point for locally generated traffic
6500#monitor capture point associate PROCESS_SW CAP_BUFFER
6500#monitor capture point associate LOCAL_TRAFFIC CAP_BUFFER
6500#monitor capture point associate CEF_PUNT CAP_BUFFER
! Associate capture points to capture buffer
6500#monitor cap buffer CAP_BUFFER size 128
! Set packet dump buffer size (in Kbytes)
6500#monitor cap buffer CAP_BUFFER max-size 512
! Set element size in bytes : 1024 bytes or less (default is 68 bytes)
配置如下:
6500#show monitor capture buffer CAP_BUFFER parameters
Capture buffer CAP_BUFFER (linear buffer)
Buffer Size : 131072 bytes, Max Element Size : 512 bytes, Packets : 0
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : PROCESS_SW, Status : Inactive
Name : LOCAL_TRAFFIC, Status : Inactive
Name : CEF_PUNT, Status : Inactive
Configuration:
monitor capture buffer CAP_BUFFER size 128 max-size 512
monitor capture point associate PROCESS_SW CAP_BUFFER
monitor capture point associate LOCAL_TRAFFIC CAP_BUFFER
monitor capture point associate CEF_PUNT CAP_BUFFER
要捕获进程交换数据,请使用以下过程:
6500#monitor capture point start PROCESS_SW
*Jun 1 06:26:51.237: %BUFCAP-6-ENABLE: Capture Point PROCESS_SW enabled.
6500#show monitor capture buffer CAP_BUFFER parameters
Capture buffer CAP_BUFFER (linear buffer)
Buffer Size : 131072 bytes, Max Element Size : 512 bytes, Packets : 20
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : PROCESS_SW, Status : Active
Name : LOCAL_TRAFFIC, Status : Inactive
Name : CEF_PUNT, Status : Inactive
Configuration:
monitor capture buffer CAP_BUFFER size 128 max-size 512
monitor capture point associate PROCESS_SW CAP_BUFFER
monitor capture point associate LOCAL_TRAFFIC CAP_BUFFER
monitor capture point associate CEF_PUNT CAP_BUFFER
6500#show monitor capture buffer CAP_BUFFER dump
06:26:52.121 UTC Jun 1 2000 : IPv4 Process : Gi1/3 None
0F6FE920: 01005E00 00020000 0C07AC02 ..^.......,.
0F6FE930: 080045C0 00300000 00000111 CCF70A02 ..E@.0......Lw..
0F6FE940: 0202E000 000207C1 07C1001C 95F60000 ..`....A.A...v..
0F6FE950: 10030A64 02006369 73636F00 00000A02 ...d..cisco.....
0F6FE960: 020100 ...
06:26:52.769 UTC Jun 1 2000 : IPv4 Process : Gi1/3 None
0F6FE920: 01005E00 000A0019 AAC0B84B ..^.....*@8K
0F6FE930: 080045C0 00420000 00000158 83E8AC10 ..E@.B.....X.h,.
0F6FE940: A8A1E000 000A0205 EDEB0000 00000000 (!`.....mk......
0F6FE950: 00000000 00000000 00CA0001 000C0100 .........J......
0F6FE960: 01000000 000F0004 00080C02 01020006 ................
0F6FE970: 0006000D 00 .....
<snip>
6500#monitor capture point stop PROCESS_SW
*Jun 1 06:28:37.017: %BUFCAP-6-DISABLE: Capture Point PROCESS_SW disabled.
6500#monitor capture buffer CAP_BUFFER clear
要捕获本地生成的流量,请使用以下步骤:
6500#monitor capture point start LOCAL_TRAFFIC
*Jun 1 06:29:17.597: %BUFCAP-6-ENABLE: Capture Point LOCAL_TRAFFIC enabled.
6500#show monitor capture buffer CAP_BUFFER parameters
Capture buffer CAP_BUFFER (linear buffer)
Buffer Size : 131072 bytes, Max Element Size : 512 bytes, Packets : 5
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : PROCESS_SW, Status : Inactive
Name : LOCAL_TRAFFIC, Status : Active
Name : CEF_PUNT, Status : Inactive
Configuration:
monitor capture buffer CAP_BUFFER size 128 max-size 512
monitor capture point associate PROCESS_SW CAP_BUFFER
monitor capture point associate LOCAL_TRAFFIC CAP_BUFFER
monitor capture point associate CEF_PUNT CAP_BUFFER
6500#show monitor capture buffer CAP_BUFFER dump
06:31:40.001 UTC Jun 1 2000 : IPv4 Process : None Gi1/3
5616A9A0: 00020000 03F42800 03800000 76000000 .....t(.....v...
5616A9B0: 00000000 00000000 00000000 00000000 ................
5616A9C0: 001D4571 AC412894 0FFDE940 08004500 ..Eq,A(..}i@..E.
5616A9D0: 0064000A 0000FF01 29A8AC10 9215AC10 .d......)(,...,.
5616A9E0: A7B00800 2F230002 00000000 00000239 '0../#.........9
5616A9F0: 4CECABCD ABCDABCD ABCDABCD ABCDABCD Ll+M+M+M+M+M+M+M
5616AA00: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
5616AA10: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
5616AA20: ABCDABCD ABCDABCD ABCDABCD ABCDABCD +M+M+M+M+M+M+M+M
5616AA30: ABCD00 +M.
<snip>
6500#monitor capture point stop LOCAL_TRAFFIC
*Jun 1 06:33:08.353: %BUFCAP-6-DISABLE: Capture Point LOCAL_TRAFFIC disabled.
6500#monitor capture buffer CAP_BUFFER clear
要捕获CEF传送的流量,请使用以下步骤:
6500#monitor capture point start CEF_PUNT
*Jun 1 06:33:42.657: %BUFCAP-6-ENABLE: Capture Point CEF_PUNT enabled.
6500#show monitor capture buffer CAP_BUFFER parameters
Capture buffer CAP_BUFFER (linear buffer)
Buffer Size : 131072 bytes, Max Element Size : 512 bytes, Packets : 8
Allow-nth-pak : 0, Duration : 0 (seconds), Max packets : 0, pps : 0
Associated Capture Points:
Name : PROCESS_SW, Status : Inactive
Name : LOCAL_TRAFFIC, Status : Inactive
Name : CEF_PUNT, Status : Active
Configuration:
monitor capture buffer CAP_BUFFER size 128 max-size 512
monitor capture point associate PROCESS_SW CAP_BUFFER
monitor capture point associate LOCAL_TRAFFIC CAP_BUFFER
monitor capture point associate CEF_PUNT CAP_BUFFER
6504-E#show monitor capture buffer CAP_BUFFER dump
06:47:21.417 UTC Jun 1 2000 : IPv4 CEF Punt : Gi1/1 None
5616B090: 01005E00 000A0019 AAC0B846 080045C0 ..^.....*@8F..E@
5616B0A0: 00420000 00000158 84E8AC10 A7A1E000 .B.....X.h,.'!`.
5616B0B0: 000A0205 EDEB0000 00000000 00000000 ....mk..........
5616B0C0: 00000000 00CA0001 000C0100 01000000 .....J..........
5616B0D0: 000F0004 00080C02 01020006 0006000D ................
5616B0E0: 00 .
<snip>
6500#show monitor capture buffer CAP_BUFFER dump filter input-interface gi1/3
06:47:21.725 UTC Jun 1 2000 : IPv4 CEF Punt : Gi1/3 None
5607DCF0: 01005E00 0005001F 6C067102 ..^.....l.q.
5607DD00: 080045C0 004CD399 00000159 F8F60A02 ..E@.LS....Yxv..
5607DD10: 0202E000 00050201 002C0A02 02020000 ..`......,......
5607DD20: 0001D495 00000000 00000000 0000FFFF ..T.............
5607DD30: FF00000A 12010000 00280A02 02020000 .........(......
5607DD40: 0000FFF6 00030001 00040000 000100 ...v...........
06:47:22.837 UTC Jun 1 2000 : IPv4 CEF Punt : Gi1/3 None
5607DCF0: 01005E00 00020000 0C07AC02 ..^.......,.
5607DD00: 080045C0 00300000 00000111 CCF70A02 ..E@.0......Lw..
5607DD10: 0202E000 000207C1 07C1001C 95F60000 ..`....A.A...v..
5607DD20: 10030A64 02006369 73636F00 00000A02 ...d..cisco.....
5607DD30: 020100 ...
<snip>
6500#monitor capture point stop CEF_PUNT
*Jun 1 06:36:01.285: %BUFCAP-6-DISABLE: Capture Point CEF_PUNT disabled.
6500#monitor capture buffer CAP_BUFFER clear
请参阅配置流程中列出的验证步骤,以确认您的配置工作正常。
目前没有针对此配置的故障排除信息。
版本 | 发布日期 | 备注 |
---|---|---|
1.0 |
14-Jun-2013 |
初始版本 |