© Copyright IBM Corp. 2011 Chapter 7. Access Control Lists 85
ACL Port Mirroring
For IPv4 ACLs and VMaps, packets that match the filter can be mirrored to another
switch port for network diagnosis and monitoring.
The source port for the mirrored packets cannot be a portchannel, but may be a
member of a portchannel.
The destination port to which packets are mirrored must be a physical port.
If the ACL or VMap has an action (permit, drop, etc.) assigned, it cannot be used to
mirror packets for that ACL.
Use the following commands to add mirroring to an ACL:
• For IPv4 ACLs:
  RS G8000(config)# access-control list <ACL number> mirror port <destination port>
  The ACL must also be assigned to its target ports as usual (see “Assigning
  Individual ACLs to a Port” on page 82, or “Assigning ACL Groups to a Port” on
  page 84).
• For VMaps (see “VLAN Maps” on page 88):
  RS G8000(config)# access-control vmap <VMap number> mirror port <monitor destination port>
  See the configuration example on page 89.
Viewing ACL Statistics
ACL statistics display how many packets have “hit” (matched) each ACL. Use
ACL statistics to check filter performance or to debug the ACL filter configuration.
You must enable statistics for each ACL that you wish to monitor:
  RS G8000(config)# access-control list <ACL number> statistics
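The following is an added example, not part of the IBM guide: a Python check that reads a saved configuration, inventories every ACL and VMap mirror destination using the command forms shown on this page, and flags destinations outside an approved set of monitor ports as well as mirrored ACLs with no statistics enabled. The function name `audit_mirroring`, the approved-port set and the sample configuration are assumptions constructed for illustration.

```python
import re

# Command forms taken from this page; literal values replace the <...> placeholders.
MIRROR_RE = re.compile(
    r"access-control\s+(list|vmap)\s+(\d+)\s+mirror\s+port\s+(\S+)")
STATS_RE = re.compile(r"access-control\s+list\s+(\d+)\s+statistics")


def audit_mirroring(config_text, approved_ports):
    """Return (mirrors, findings) for a saved configuration dump.

    mirrors:  {(kind, number): destination port}
    findings: review notes, one string per issue
    """
    mirrors, stats = {}, set()
    for raw in config_text.splitlines():
        # Drop an optional CLI prompt such as "RS G8000(config)# ".
        line = raw.split("#", 1)[-1].strip()
        m = MIRROR_RE.fullmatch(line)
        if m:
            mirrors[(m.group(1), int(m.group(2)))] = m.group(3)
            continue
        s = STATS_RE.fullmatch(line)
        if s:
            stats.add(int(s.group(1)))

    findings = []
    for (kind, num), port in sorted(mirrors.items()):
        if port not in approved_ports:
            findings.append(f"{kind} {num}: mirrors to unapproved port {port}")
        # Statistics are enabled per ACL; without them no hit counts exist.
        if kind == "list" and num not in stats:
            findings.append(f"list {num}: mirrored but statistics not enabled")
    return mirrors, findings


# Constructed sample input (not captured from a real switch).
SAMPLE = """\
RS G8000(config)# access-control list 10 mirror port 24
RS G8000(config)# access-control list 10 statistics
RS G8000(config)# access-control list 11 mirror port 7
RS G8000(config)# access-control vmap 2 mirror port 24
"""

if __name__ == "__main__":
    for finding in audit_mirroring(SAMPLE, approved_ports={"24"})[1]:
        print(finding)
```
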