Posted on October 18, 2017 6:43 pm
 |  Asked by Jazmin Solis Lopez
Print Friendly, PDF & Email
Posted by Alexis Dacquay
Answered on October 19, 2017 11:24 am

Hi Jazmin,

Running tcpdump on an interface/SVI only shows the traffic destined to the switch itself to be processed by the control plane. In order to capture the data plane traffic, you could try the following:


1. Port mirroring

Mirroring traffic to a port destined towards a collector/monitoring device


2. Advanced mirroring to the CPU

On the 7150/7500E/7500R/7280E/7280R, we can run port mirroring on an interface and send one copy of the dataplane traffic to the CPU where the tcpdump utility can be used:

[Section: Filtered Mirroring to CPU]


We also support Sampled mirroring



3. Sflow

Posted by Alexandru
Answered on October 19, 2017 1:24 pm

Hi Jazmin,

If the connections you wish to investigate are the data flows going through the switch then sFlow, is the feature you are looking for. Once configured on the switch using the guide in the following link the switch will send statistics regarding the traffic flows which should allow you to have a good understanding of what kind of connections are going through the system.
Please note that this requires an sFlow collector on to which the switch will point to and the inspection is done on said collector.

However, if by connections you mean the connections to the switch control plane(eg. who is logged into the switch right now), you can use the who command and you will get a list of users logged into the unit:

Line User Host(s) Idle Location
* 1 vty 3 admin idle 00:00:38

Post your Answer

You must be logged in to post an answer.