
Brocade TurboIron 24X Series Configuration Guide User Manual


53-1003053-01

ACL-based inbound mirroring

NOTE

If you want to add a port configured for ACL-Based Mirroring to a trunk, you must first remove the
ACL-mirror-port from the port configuration. You can then add the port to a trunk that can then be
configured for ACL-Based Trunk Mirroring.

Behavior of ACL-based mirroring when deleting trunks
If you delete a trunk that has ACL-Based Mirroring configured, the ACL-Based Mirroring
configuration is applied to each of the individual ports that made up the trunk.

For example, if a trunk is configured as shown in the following example and is then deleted from the
configuration as shown, each of the ports that previously were contained in the trunk will be
configured for ACL-Based Mirroring.

TurboIron(config)#trunk ethernet 1 to 2
TurboIron(config)#trunk deploy
TurboIron(config)#interface ethernet 1
TurboIron(config-if-e10000)#ACL-mirror-port ethernet 3

To delete the trunk, enter the following command.

TurboIron(config)#no trunk ethernet 1 to 2

The following configuration for ACL-Based Mirroring on ports 1 and 2 results from the trunk being deleted.

interface ethernet 1
 ACL-mirror-port ethernet 3
interface ethernet 2
 ACL-mirror-port ethernet 3

Configuring ACL-based mirroring for ACLs bound to virtual interfaces

For configurations that have an ACL configured for ACL-Based Mirroring bound to a virtual interface,
you must configure the ACL-mirror-port command on a physical port that is a member of the same
VLAN as the virtual interface. Additionally, only traffic that arrives at ports that belong to the same
port group as the physical port where the ACL-mirror-port command is configured will be mirrored.
This follows the same rules described in “Ports from a port region must be mirrored to the same destination mirror port” on page 427.

For example, in the following configuration, ports 1, 2 and 3 are in VLAN 10 with ve 10. Ports 1 and
2 belong to the same port group, while port 3 belongs to another port group.

TurboIron(config)#vlan 10
TurboIron(config-vlan-10)#tagged ethernet 1 to 2
TurboIron(config-vlan-10)#tagged ethernet 3
TurboIron(config-vlan-10)#router-interface ve 10
TurboIron(config)#interface ethernet 1
TurboIron(config-if-e10000-1)#ACL-mirror-port ethernet 5
TurboIron(config)#interface ve 10
TurboIron(config-vif-10)#ip address 10.10.10.254/24
TurboIron(config-vif-10)#ip access-group 102 in
TurboIron(config)#access-list 102 permit ip any any mirror
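
The port-group rule above can be checked against a saved configuration. The following Python check is an added example, not part of the Brocade guide; it reports VLAN member ports whose inbound traffic a mirroring ACL bound to the virtual interface would not copy to the mirror port. The PORT_GROUPS map, the function names and the saved-configuration layout are assumptions, and it assumes the ACL bound to the virtual interface carries the mirror keyword.

```python
import re

# Constructed sample: the VLAN 10 / ve 10 example from this page, as it
# would appear in a saved configuration (layout is an assumption).
SAMPLE_CONFIG = """\
vlan 10
 tagged ethernet 1 to 2
 tagged ethernet 3
 router-interface ve 10
interface ethernet 1
 ACL-mirror-port ethernet 5
interface ve 10
 ip address 10.10.10.254/24
 ip access-group 102 in
access-list 102 permit ip any any mirror
"""

# Assumption: port-group membership is hardware-specific and is not stored
# in the configuration, so the auditor supplies it (labels are hypothetical).
PORT_GROUPS = {1: "group-A", 2: "group-A", 3: "group-B"}

def parse(config):
    """Return (VLAN id -> member ports, port -> mirror destination port)."""
    vlans, mirrors, ctx = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"vlan (\d+)", s):
            ctx = ("vlan", int(m[1]))
            vlans[ctx[1]] = set()
        elif m := re.fullmatch(r"interface ethernet (\d+)", s):
            ctx = ("eth", int(m[1]))
        elif m := re.fullmatch(r"(?:un)?tagged ethernet (\d+)(?: to (\d+))?", s):
            if ctx and ctx[0] == "vlan":
                vlans[ctx[1]].update(range(int(m[1]), int(m[2] or m[1]) + 1))
        elif m := re.fullmatch(r"ACL-mirror-port ethernet (\d+)", s, re.I):
            if ctx and ctx[0] == "eth":
                mirrors[ctx[1]] = int(m[1])
        elif not line.startswith(" "):
            ctx = None  # any other top-level statement ends the context
    return vlans, mirrors

def unmirrored_ports(config, vlan_id, port_groups):
    """VLAN member ports whose inbound traffic the VE-bound ACL will not mirror."""
    vlans, mirrors = parse(config)
    members = vlans[vlan_id]
    # Port groups that contain a VLAN member carrying ACL-mirror-port.
    covered = {port_groups[p] for p in mirrors if p in members}
    return sorted(p for p in members if port_groups[p] not in covered)
```

For the sample configuration, unmirrored_ports(SAMPLE_CONFIG, 10, PORT_GROUPS) returns [3]: a monitoring device attached to the mirror port sees VLAN 10 traffic arriving on ports 1 and 2 but not on port 3.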