Blade ICE G8124-E Manuale Utente
BLADEOS 6.5.2 Application Guide
80
Chapter 5: Access Control Lists
BMD00220, October 2010
ACL Port Mirroring
For regular ACLs and VMaps, packets that match an ACL on a specific port can be mirrored to
another switch port for network diagnosis and monitoring.
another switch port for network diagnosis and monitoring.
The source port for the mirrored packets cannot be a portchannel, but may be a member of a
portchannel.
portchannel.
The destination port to which packets are mirrored must be a physical port.
If the ACL or VMap has an action (permit, drop, etc.) assigned, it cannot be used to mirror packets
for that ACL.
for that ACL.
Use the following commands to add mirroring to an ACL:
For regular ACLs:
The ACL must be also assigned to it target ports as usual (see
).
For VMaps (see
Viewing ACL Statistics
ACL statistics display how many packets have “hit” (matched) each ACL. Use ACL statistics to
check filter performance or to debug the ACL filter configuration.
check filter performance or to debug the ACL filter configuration.
You must enable statistics for each ACL that you wish to monitor:
RS G8124(config)# access-control list
<ACL number>
mirror port
<destination port>
RS G8124(config)# access-control vmap
<VMap number>
mirror port
<monitor destination port>
RS G8124(config)# access-control list
<ACL number>
statistics