Filter
Top Products
820 | Port Monitoring
www.dell.com | support.dell.com
Figure 38-7. Port Monitoring Example
Flow-based Monitoring
Flow-based Monitoring is supported only on platform e
Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead all traffic on the
interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2
and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists.
To configure flow-based monitoring:
View an access-list that you applied to an interface using the command
show ip accounting access-list from
EXEC Privilege mode, as shown in Figure 38-8.
Step Command Syntax Command Mode Task
1
flow-based enable
MONITOR SESSION Enable flow-based monitoring for a monitoring session.
2
ip access-list
CONFIGURATION Define in an access-list rules that include the keyword
monitor. FTOS only considers for port monitoring traffic
matching rules with the keyword monitor.
See Chapter 8, IP Access Control Lists (ACL),
Prefix Lists, and Route-maps.
3
ip access-group
access-list
INTERFACE Apply the ACL to the monitored port. See Chapter 8, IP
Access Control Lists (ACL), Prefix Lists, and Route-maps.
1/2
1/1
Host
Sniffer
Server
1/3
F
orce10(conf-if-gi-1/2)#show config
!
i
nterface GigabitEthernet 1/2
no ip address
no shutdown
F
orce10(conf)#monitor session 0
F
orce10(conf-mon-sess-0)#source gig 1/1 destination gig 1/2 direction rx
Server Traffic
Host Traffic
Port Monitoring 001