Configuring acl-based inbound mirroring, Creating an acl with a mirroring clause – Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual


53-1003036-02


Brocade(config)# enable-acl-cam-sharing
Brocade(config)# interface ethernet 4/1
Brocade(config-if-e10000-4/1)# ip access-group 101 in
Brocade(config-if-e10000-4/1)# acl-mirror-port ethernet 6/1
Brocade(config-if-e10000-4/1)# interface ethernet 4/2
Brocade(config-if-e10000-4/2)# ip access-group 101 in

Configuring ACL-based inbound mirroring

The following sections describe how to configure ACL-based Inbound Mirroring on a Brocade device:

- Creating an ACL with a mirroring clause
- Applying the ACL to an interface
- Specifying a destination mirror port
- Specifying the destination mirror port for physical ports
- Specifying the destination mirror port for a LAG
- Configuring ACL-based mirroring for ACLs bound to virtual interfaces
- Specifying the destination mirror port for IP receive ACLs

Creating an ACL with a mirroring clause

The mirror keyword in IPv4, Layer 2 and IPv6 ACL clauses directs traffic that matches the clause
criteria to be mirrored to another port. In the following examples, the ACL is used to direct IP traffic
to a mirror port.

Example: ACL-based mirroring supported for IPv4 ACLs.

Brocade(config)# access-list 101 permit ip any any mirror
Brocade(config)# access-list 101 permit ip any any

Example: ACL-based mirroring supported for IPv6 inbound ACLs.

Brocade(config)# ipv6 access-list gem
Brocade(config-ipv6-access-list gem)# permit tcp 2001:DB8::/64 2001:DB8::/64 mirror
Brocade(config-ipv6-access-list gem)# permit udp 1000:1::/64 2000:1::/64 mirror
Brocade(config-ipv6-access-list gem)# permit icmp 1000:1::/64 2000:1::/64 mirror
Brocade(config-ipv6-access-list gem)# permit ipv6 any any

Example: ACL-based mirroring supported for Layer 2 inbound ACLs.

Brocade(config)# access-list 400 permit 0000.0000.0010 ffff.ffff.ffff 0000.0000.0020 ffff.ffff.ffff any mirror
Brocade(config)# access-list 400 permit 0000.0000.0050 ffff.ffff.ffff 0000.0000.0020 ffff.ffff.ffff any mirror
Brocade(config)# access-list 400 permit any any any

The mirror parameter directs selected traffic to the mirrored port. Traffic can be selected for
mirroring only with a permit clause. The mirror parameter is supported on rACLs.

NOTE

As with any ACL, the final clause must permit desired traffic to flow: be sure to add an appropriate
permit any any clause to the end of any ACL intended to mirror (and not filter) traffic. Failure to
include the permit clause will result in disruption of traffic through any interface to which the ACL is
applied.
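The check described in the note can be run over a saved configuration before an ACL is bound to an interface. The following is an added example, not part of the Brocade guide: the function names parse_acls and audit are hypothetical, ACL 102 in the sample is constructed, and the catch-all forms are the three shown in the examples above.

```python
import re

PROMPT = re.compile(r"^\w+\(.*?\)#\s*")   # e.g. "Brocade(config)# "
# Catch-all permits as written on this page for IPv4, IPv6 and Layer 2 ACLs.
CATCH_ALL = {("permit", "ip", "any", "any"), ("permit", "ipv6", "any", "any"),
             ("permit", "any", "any", "any")}

def parse_acls(config):
    """Return {acl_name: [clause_tokens, ...]} in configuration order."""
    acls, current = {}, None
    for raw in config.splitlines():
        tok = PROMPT.sub("", raw.strip()).split()
        if not tok:
            continue
        if tok[0] == "access-list" and len(tok) > 2 and tok[2] in ("permit", "deny"):
            acls.setdefault(tok[1], []).append(tok[2:])   # numbered ACL clause
            current = None
        elif tok[:2] == ["ipv6", "access-list"] and len(tok) == 3:
            current = tok[2]                              # named IPv6 ACL
            acls.setdefault(current, [])
        elif current and tok[0] in ("permit", "deny"):
            acls[current].append(tok)
        else:
            current = None                                # left ACL context
    return acls

def audit(config):
    """Flag mirroring ACLs that would filter traffic or misuse mirror."""
    findings = []
    for name, clauses in parse_acls(config).items():
        if not any(c[-1] == "mirror" for c in clauses):
            continue                                      # not a mirroring ACL
        if any(c[0] == "deny" and c[-1] == "mirror" for c in clauses):
            findings.append((name, "mirror on a deny clause"))
        last = clauses[-1]
        body = tuple(last[:-1] if last[-1] == "mirror" else last)
        if body not in CATCH_ALL:
            findings.append((name, "no final permit-any clause"))
    return findings

# Constructed sample: ACL 101 and gem follow the page; ACL 102 is made up.
SAMPLE = """\
Brocade(config)# access-list 101 permit ip any any mirror
Brocade(config)# access-list 101 permit ip any any
Brocade(config)# access-list 102 permit tcp any any mirror
Brocade(config)# ipv6 access-list gem
Brocade(config-ipv6-access-list gem)# permit udp 1000:1::/64 2000:1::/64 mirror
Brocade(config-ipv6-access-list gem)# permit ipv6 any any
"""

if __name__ == "__main__":
    for acl, problem in audit(SAMPLE):
        print(f"ACL {acl}: {problem}")
```

ACL 102 is reported because its only clause permits and mirrors TCP, so any other traffic on an interface it is applied to would be dropped.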