
Dell Force10 Z9000 - Flow-Based Monitoring

Dell Force10 Z9000
984 pages
698 | Port Monitoring
www.dell.com | support.dell.com
Flow-based Monitoring
Flow-based Monitoring is supported only on platform e
Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the
interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2
and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists.
To configure flow-based monitoring:

Step | Task | Command Syntax | Command Mode
4 | Enable flow-based monitoring for a monitoring session. | flow-based enable | MONITOR SESSION
5 | Define access-list rules that include the keyword monitor. For port monitoring, FTOS considers only traffic that matches rules containing the keyword monitor. See Chapter 6, Access Control Lists (ACLs). | ip access-list | CONFIGURATION
6 | Apply the ACL to the monitored port. See Chapter 6, Access Control Lists (ACLs). | ip access-group access-list | INTERFACE

View an access-list that you applied to an interface using the command show ip accounting access-list from EXEC Privilege mode, as shown in Figure 32-8.

Figure 32-8. Configuring Flow-based Monitoring
FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#flow-based enable
FTOS(conf)#ip access-list ext testflow
FTOS(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
FTOS(config-ext-nacl)#seq 10 permit ip 102.1.1.0/24 any count bytes monitor
FTOS(config-ext-nacl)#seq 15 deny udp any any count bytes
FTOS(config-ext-nacl)#seq 20 deny tcp any any count bytes
FTOS(config-ext-nacl)#exit
FTOS(conf)#interface gig 1/1
FTOS(conf-if-gi-1/1)#ip access-group testflow in
FTOS(conf-if-gi-1/1)#show config
!
interface GigabitEthernet 1/1
ip address 10.11.1.254/24
ip access-group testflow in
shutdown
FTOS(conf-if-gi-1/1)#exit
FTOS(conf)#do show ip accounting access-list testflow
!
Extended Ingress IP access list testflow on GigabitEthernet 1/1
Total cam count 4
seq 5 permit icmp any any monitor count bytes (0 packets 0 bytes)
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 packets 0 bytes)
seq 15 deny udp any any count bytes (0 packets 0 bytes)
seq 20 deny tcp any any count bytes (0 packets 0 bytes)
FTOS(conf)#do show monitor session 0
SessionID Source Destination Direction Mode Type
--------- ------ ----------- --------- ---- ----
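
An added example (not part of the Dell manual): a Python parser for the show ip accounting access-list output in Figure 32-8 that reports which rules carry the monitor keyword, and therefore which traffic the monitoring session considers. The function names are hypothetical, the sample text is copied from the figure, and the "Egress" header wording is an assumption.

```python
import re

# Constructed sample: the "show ip accounting access-list" output from Figure 32-8.
SAMPLE = """\
Extended Ingress IP access list testflow on GigabitEthernet 1/1
Total cam count 4
seq 5 permit icmp any any monitor count bytes (0 packets 0 bytes)
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 packets 0 bytes)
seq 15 deny udp any any count bytes (0 packets 0 bytes)
seq 20 deny tcp any any count bytes (0 packets 0 bytes)
"""

# "Ingress" appears in the figure; "Egress" for egress lists is an assumption.
HEADER = re.compile(r"^\w+ (Ingress|Egress) IP access list (\S+) on (.+)$")
RULE = re.compile(r"^seq (\d+) (permit|deny) (.+?)(?: \((\d+) packets (\d+) bytes\))?$")

def parse_accounting(text):
    """Return (acl_info, rules) parsed from the accounting output."""
    info, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            info = {"direction": m[1], "name": m[2], "interface": m[3]}
        elif m := RULE.match(line):
            tokens = m[3].split()
            rules.append({
                "seq": int(m[1]),
                "action": m[2],
                "match": " ".join(t for t in tokens if t not in ("monitor", "count", "bytes")),
                "monitor": "monitor" in tokens,  # only these rules feed the monitor session
                "packets": int(m[4] or 0),
                "bytes": int(m[5] or 0),
            })
    return info, rules

def not_mirrored(rules):
    """Sequence numbers of rules that lack the monitor keyword."""
    return [r["seq"] for r in rules if not r["monitor"]]

if __name__ == "__main__":
    info, rules = parse_accounting(SAMPLE)
    print(f"{info['name']} ({info['direction']}) on {info['interface']}")
    for r in rules:
        state = "mirrored" if r["monitor"] else "NOT mirrored"
        print(f"  seq {r['seq']:>3} {r['action']:<6} {r['match']:<22} {state}")
```

For the ACL in the figure, this reports seq 15 and seq 20 as not mirrored: the UDP and TCP traffic those rules match is counted but is not considered for port monitoring.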
