Q: How to implement remote packet capture on the MA5600T?
A: Remote packet capture is a method based on the ACL matching (software). By this method, the packets captured to the CPU of the control board can be filtered, and the matched packets can be transmitted to the related servers through TFTP, FTP, or SFTP. This helps improve the efficiency of fault location and troubleshooting. The implementation of the remote packet capture is as follows: 1. Configure the backup server. MA5600T(su)%% backup-server debug primary 10.71.35.214 TFTP 2. Configure matching rules for packets. MA5600T(config)#acl 3000 MA5600Tconfig-acl-adv-3000)#rule 1 permit udp destination-port eq snmptrap Note: The matching rules are determined by the packets to be analyzed for troubleshooting. For example, the rules about the SNMP trap can be configured to handle the problem of the alarm reporting to the NMS. 3. Configure packet capture rules. MA5600T(su)%%capture item 1 bidirection user-group 3000 rule 1 port 0/3/0 Note: "bidirection" indicates the bi-directional packets, "inbound" indicates the ingress packets, "outbound" indicates the egress packets, and 0/3/0 indicates the port ID. In addition, "outbound" matches only f/s. Up to five packet capture rules can be configured. When the downstream packets of the service board need to be captured, it is normal if the downstream packets of the unspecified port are captured because "outbound" matches only f/s. 4. Start packet capture. MA5600T(su)%%capture start -c 1000000 Note: "-c 1000000" indicates that 1000000 packets are captured. By default, 100 packets are captured. 5. Stop packet capture. MA5600T(su)%%capture stop
Note that only MA5600V8R5C02 and later version support this function.