Reset Search
 

 

Article

VOSS : How to configure filter (ACL) to traffic mirroring to a destination port or ports

« Go Back

Information

 
TitleVOSS : How to configure filter (ACL) to traffic mirroring to a destination port or ports
Objective
This article provide filter configuration template to traffic mirroring to a destination port or ports
Environment
  • VOSS
  • VSP 4000
  • VSP 7200
  • VSP 8200
  • VSP 8400
Procedure
This security action applies to Ingress ACLs only.
  • Ingress port (inPort)
  • Ingress VLAN (inVLAN)

The ingress VLAN ACL’s associations apply to all the active port members of a VLAN. An ACL is created in the enabled state by default.
filter acl 1 type inVlan name "<ACL_1_NAME>"           
filter acl vlan 1 <VLANID_1>,<VLANID_2>
ACE to mirror all ICMP traffic to a Destination IP to a port or more than one port (optional)
filter acl ace 1 100 name  "<ACE_100_Mirror>" 
filter acl ace action 1 100 permit monitor-dst-ports <PORT#1,PORT#2>
filter acl ace ethernet 1 100 ether-type eq ip
filter acl ace ip 1 100 dst-ip eq <HOST_IP>
filter acl ace ip 1 100 ip-protocol-type eq icmp
filter acl ace 1 100 enable
Below are the different actions available to mirror traffic using CLI
monitor-dst-mlt      Security: Enable mirroring on destination mlt
monitor-dst-ports    Security: Enable mirroring on destination port or port-list
monitor-isid-offset  Security: Enable mirroring on destination isid

 
Additional notes
  • Security actions supported by the ACE IDs in the range of 1–1000

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255