Limitations and Precautions for 5-Tuple Packet Capture

Hardware Requirements

Supported by all models.

License Requirements

The 5-tuple packet capture function is not license-controlled.

Restrictions on the Packet Capture Function

  • The 5-tuple packet capture function cannot capture BFD packets on the management plane.
  • The inner packets of GRE, IPSec, or L2TP VPN tunnels do not have source or destination MAC addresses. Therefore, ACL-based capture of such inner packets in tunnels cannot obtain actual MAC addresses.
  • Data from packets captured by virtual systems is temporarily stored on the CF card as a .txt file. When the available space on the CF card is less than 50M, there is insufficient space to store the captured packet data. In this case, the packet capture function cannot be used properly.
  • The hardware chip-based 5-tuple packet capture function can be configured only in CLI mode.
  • Both IPv4 and IPv6 scenarios support 5-tuple packet capture.
  • The web UI allows only one interface to be configured to capture packets. If you configure multiple interfaces to capture packets on the web UI, only the last configuration takes effect.
  • The content of captured IPv6 packets cannot be displayed on the web UI.

Restrictions on Hardware Chip-based 5-Tuple Packet Capture

  • The HA interface cannot be used for 5-tuple packet capture.
  • Packets on the management interface MEth 0/0/0 are sent directly to the CPU without passing through the NP chip. Therefore, the hardware chip-based 5-tuple packet capture function is not supported. You can obtain packets by using the MPU CPU-based 5-tuple packet capture function.
  • Hardware chip-based 5-tuple packet capture and hardware chip-based port mirroring are mutually exclusive and cannot be configured at the same time.
  • In an IPv6 scenario, hardware chip-based 5-tuple packet capture is supported only in the root system.
  • For IPv6 packets, hardware chip-based 5-tuple packet capture applies only to ICMPv6, TCP, and UDP packets.

Precautions

  • Enabling 5-tuple packet capture compromises device performance. Exercise caution when you enable this function.
  • If the length of the IP packets to be captured by the 5-tuple packet capture function is greater than the length of actual packets, the 5-tuple packet capture function can capture the whole packet content, which may cause the disclosure of users' personal data. When using this function, you must comply with related national laws and regulations and take sufficient measures to protect users' personal data. For example, the technical support personnel cannot perform packet capture without prior consent of customers. Huawei will not bear any legal obligations or liabilities for the security events (such as personal data leaks) that are not caused by Huawei's misconduct.
  • After finishing issue locating and analysis, to ensure information security, perform the following operations:

    USG6000E: Immediately run the undo packet-capture command to stop packet capture and delete the packet capture configuration, run the reset packet-capture queue all command to clear the packet capture queue, and run the reset packet-capture statistic command to clear the packet capture statistics.

Copyright © Huawei Technologies Co., Ltd.