This could possibly mean that the filtered IP used on the packet capture is not a native VLAN IP on the trunk connection. This is currently a limitation on SGOS where there would be no packet captured if a packet capture filter is used on a ProxySG which sits on a bridge connection with a VLAN Trunk and the filtered IP does not sit on a native VLAN of the trunk connection.
The only workaround we have is by using a MAC address of the client, however this can only be used if the client sits on same network with ProxySG. Here is an example of filtering using MAC address
ether host 00:e0:81:aa:88:ef
In SGOS 6.x, the proxy supports the "vlan" capture filter. Hence, you can use "vlan x and host a.b.c.d" instead of the example below.
Example of a scenario
Proxy sits on a trunk which has a native Vlan 1 and Vlan 1 is configured as a native VLAN on the Proxy.
Workstation 10.105.13.201 is on vlan 13 and it's mac address is aa:bb:cc:dd:ee:ff
If you use a pcap filter "ip host 10.105.13.201" and start a packet capture, you get no capture.
However if you use filter aa:bb:cc:dd:ee:ff andStart the pcap and setup aa:aa:aa:aa:aa:aa as mac address filter and client and Proxy resides on same network, then only we will see packets being captured.
Imported Document ID: 000015716
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.