Filter
Top Products
AT-9000 Switch Command Line User’s Guide
383
Combining the Port Mirror with Access Control Lists
You may combine the port mirror with an access control list to monitor a
subset of the ingress traffic on a port. The access control list is used to
specify the ingress traffic to be coped to the destination port of the port
mirror. This feature only works on ingress packets because access control
lists are only effective on those types of packets. You cannot use it to copy
a subset of the egress packets on a port.
You first have to specify the destination port of the port mirror. The switch
can have only one destination port. The command for specifying the
destination port is the MIRROR command in the Port Interface mode. The
mode in which to perform the command is the Port Interface mode of the
port to be the destination port for the monitored traffic the access control
list defines.
You then have to create the access control list and assign it to the port
whose packets you want to monitor. When you create the access control
list, you have to specify the copy-to-mirror action.
Here is an example of the feature. It assumes you want to monitor ports 14
and 15 for ingress packets that have the IP address 149.83.124.95 as their
destination address. The traffic is to be copied to port 18, the destination
port for the port mirror. The access control list is given the ID number
3008.
awplus> enable
Enter the Privileged Exec mode
from the User Executive mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# interface port1.0.18
Enter the Port Interface mode for
port 18, the destination port for the
port mirror.
awplus(config-if)# mirror
Enter the MIRROR command to
designate port 18 as the
destination port for the copied
packets.
awplus(config-if)# exit
Return to the Global Configuration
mode.
awplus(config)# access-list 3008 copy-to-mirror
ip any 149.83.124.95/32
Create the access control list. The
source address is ANY and the
destination address is
149.83.124.95.