How to configure flow-redirect

Redirect all traffic ingressing port 1 to a next hop of instead of the normal traffic flow.

Things to remember:
  • The next-hop IP address needs to be the switch's next Layer 3 hop.
  • The ingress ACL needs to be placed in the right location to capture the traffic you want to redirect.
  • EXOS
  • Summit
  • BlackDiamond
1.  The first thing you need to do is create a flow redirect.
  • Create the flow-redirect name:
    • create flow-redirect GTAC_redirect
  • Configure the next hop address. (This command can be entered multiple times with different priorities. The highest priority gets used.)
    • configure flow-redirect GTAC_redirect add nexthop priority 100
  • If more than one next hop address is used, EXOS will automatically send ping health-checks to make sure the next hop is available. If connectivity is lost, EXOS will fall back to the next-highest-priority next hop in the configuration. The default health-check configuration can be changed with the command below:
    • configure flow-redirect GTAC_redirect nexthop ping health-check interval <seconds> miss <# of misses allowed>
  • Create the ACL/Policy: (How to create and apply an ACL in EXOS)
    • edit policy ACL_redirect
    • Paste the following into the editor. Make sure you're in insert mode ("i"). (Keep in mind that the following ACL is an example; it will have to be tweaked to fit your needs.)
entry redirect {
    if match all {
        # add match conditions here to select the traffic to redirect
    } then {
        redirect-name GTAC_redirect;
    }
}

Apply the ACL to the port(s) or VLAN you would like traffic to be scanned on: 
  • In this example we will add it to port 1 ingress.
    • configure access-list ACL_redirect ports 1 ingress
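
The priority and health-check behaviour described in step 1, modelled in Python as an added example (not Extreme's code and not part of the original article). The 192.0.2.x addresses, the rule that a next hop goes down once its consecutive misses reach the configured count, and recovery on the first reply are assumptions made for illustration.

```python
# Added illustration: a model of flow-redirect next-hop selection, not EXOS code.
from dataclasses import dataclass

@dataclass
class NextHop:
    ip: str            # constructed documentation address
    priority: int      # higher value wins
    missed: int = 0    # consecutive missed health-check pings

class FlowRedirect:
    def __init__(self, name, miss_allowed):
        self.name = name
        self.miss_allowed = miss_allowed   # the "miss" value of the health-check
        self.hops = []

    def add_nexthop(self, ip, priority):
        self.hops.append(NextHop(ip, priority))

    def record_ping(self, ip, replied):
        """Feed one health-check result for a next hop."""
        for hop in self.hops:
            if hop.ip == ip:
                # Assumption: a single reply clears the miss counter.
                hop.missed = 0 if replied else hop.missed + 1

    def is_up(self, hop):
        # Assumption: down once consecutive misses reach the configured count.
        return hop.missed < self.miss_allowed

    def active_nexthop(self):
        """Highest-priority next hop still considered reachable, or None."""
        up = [h for h in self.hops if self.is_up(h)]
        return max(up, key=lambda h: h.priority).ip if up else None

def demo():
    fr = FlowRedirect("GTAC_redirect", miss_allowed=2)
    fr.add_nexthop("192.0.2.1", 100)
    fr.add_nexthop("192.0.2.2", 50)
    seen = [fr.active_nexthop()]
    # Constructed ping results for the priority-100 next hop.
    for replied in (False, False, True):
        fr.record_ping("192.0.2.1", replied)
        seen.append(fr.active_nexthop())
    return seen

if __name__ == "__main__":
    print(demo())
```

When `active_nexthop()` returns `None`, no configured next hop is answering; what the switch does with matching traffic in that state is not covered here and should be confirmed before relying on the redirect for inspection.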
Additional notes
You can also apply the ACL on the entire VLAN:
configure access-list <policy name without .pol> vlan <vlan>

How to create and apply an ACL in EXOS

