Cisco Pagent Example configuration

Cisco IOS Software, 3800 Software (C3845-TPGEN+IPBASE-M), Experimental Version 12.4(20100323:103320) [shgautam-v48-reg 116]
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 23-Mar-10 17:31 by shgautam

ROM: System Bootstrap, Version 12.3(11r)T2, RELEASE SOFTWARE (fc1)

Pagent uptime is 5 days, 13 hours, 9 minutes
System returned to ROM by power-on
System image file is “flash:c3845-tpgen_ipbase-mz.PAGENT.4.8.0”

Cisco 3845 (revision 1.0) with 225280K/36864K bytes of memory.
Processor board ID SEEERIALLLLL
2 Gigabit Ethernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
126976K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

gigabitEthernet0/1  <– Select Output interface
rate 40000
length random 1000 to 1514
repeat 100 no-update
length random 500 to 1514
L2-encapsulation arpa
L2-dest-addr CCCC.3905.AAAA <– mac-address of SUT (manual config)
L2-src-addr BBBB.185B.DDDD <– mac-address of interface g0/1 (auto)
L3-src-addr random to
L3-dest-addr random to
L3-ttl 254
L4-type 8
data-length 1514
fill-pattern random with-update


Show command:

Pagent(TGN:ON,Gi0/1:10/10)#sh icmp

Pagent(TGN:ON,Gi0/1:10/10)#sh rate

Pagent(TGN:ON,Gi0/1:10/10)#sh ip

Cisco Nexus กับ feature acl-capture

เราสามารถทำการ SPAN เฉพาะ traffic ที่ตรงกับ access-list ได้โดยตัวอย่างจะเป็นการ capture เฉพาะ packet ที่มี destination tcp port 80

*ผมลองใช้ acl ที่ capture ที่เป็น icmp ไม่ได้ครับ (permit icmp any any capture session 1)


hardware access-list capture

interface Ethernet2/4
description ## HTTP capture traffic ##
switchport monitor
no shutdown

monitor session 1 type acl-capture
destination interface Ethernet2/4
no shut

ip access-list acl-capture-1
10 permit tcp any any eq www capture session 1
20 permit ip any any

interface Vlan15
ip access-group acl-capture-1 in


# sh monitor ses 1
session 1
type : acl-capture
state : up
destination ports : Eth2/4

Note: Matching traffic sourced from the following interfaces
will not be captured to the destination port(s)
(source & destination on same replication engine):

Eth2/3 Eth2/4


l = learning enabled
f = forwarding enabled
MCBE = multicast best effort
L3-TX = L3 Multicast Egress SPAN

# sh int e2/4 switchport

Name: Ethernet2/4
Switchport: Enabled
Switchport Monitor: Enabled
Operational Mode: access
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Allowed: 1-4094
FabricPath Topology List Allowed: 0
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none

** ref: Cisco configuration guide

Cisco High CPU cause from ARP input process

กรณีที่ High CPU ตรวจสอบแล้วพบว่ามี ARP input process ใช้ resource มาก
#sh process cpu
จากนั้นลองดูที่ IP traffic
#sh ip traffic | b ARP
ซึ่งอาจจะเกิดจาก ARP request มากๆให้ดูตาม interface ต่างๆ
#clear counter
#show interfaces accounting | i Ethe|ARP|Vlan
จะพบว่ามี ARP request จาก interface ใดๆที่ส่งเข้ามามาก