beautypg.com

Mac filter-based mirroring, Configuring mac filter-based mirroring – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 464

background image

430

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

MAC filter-based mirroring

In this configuration, the ACL-mirror-port command is configured on port 1 which is a member of ve
10. Because of this, ACL-Based Mirroring will only apply to VLAN 10 traffic that arrives on ports 1
and 2. It will not apply to VLAN 10 traffic that arrives on port 3 because that port belongs to a
different port group than ports 1 and 2. This is because if you apply ACL-Based Mirroring on an
entire VE, and enable mirroring in only one port region, traffic that is in the same VE but on a port in
a different port region will not be mirrored.

To make the configuration apply ACL-Based Mirroring to VLAN 10 traffic arriving on port 3, you must
add the following command to the configuration.

TurboIron(config)#interface ethernet 3

TurboIron(config-if-e10000-3)#ACL-mirror-port ethernet 5

If a port is in both mirrored and non-mirrored VLANs, only traffic on the port from the mirrored VLAN
will be mirrored. For example, the following configuration adds VLAN 20 to the previous
configuration. In this example, ports 1 and 2 are in both VLAN 10 and VLAN 20. ACL-Based
Mirroring is only applied to VLAN 10. Consequently, traffic that is on ports 1 and 2 that belongs to
VLAN 20 will not be mirrored.

TurboIron(config)#vlan 10

TurboIron(config-vlan-10)#tagged ethernet 1 to 2

TurboIron(config-vlan-10)#tagged ethernet 3

TurboIron(config-vlan-10)#router-interface ve 10

TurboIron(config)#vlan 20

TurboIron(config-vlan-20)#tagged ethernet 1 to 2

TurboIron(config)#interface ethernet 1

TurboIron(config-if-e10000-1)#ACL-mirror-port ethernet 5

TurboIron(config)#interface ve 10

TurboIron(config-vif-10)#ip address 10.10.10.254/24

TurboIron(config-vif-10)#ip access-group 102 in

TurboIron(config)#access-list 102 permit ip any any mirror

MAC filter-based mirroring

This feature allows traffic entering an ingress port to be monitored from a mirror port connected to
a data analyzer, based on specific source and destination MAC addresses. This feature supports
mirroring of inbound traffic only. Outbound mirroring is not supported.

MAC-Filter-Based Mirroring allows a user to specify a particular stream of data for mirroring using a
filter. This eliminates the need to analyze all incoming data to the monitored port. To configure
MAC-Filter-Based Mirroring, the user must perform three steps:

Define a mirror port

Create a MAC filter with a mirroring clause

Apply the MAC filter to an interface

The following sections describe these steps.

Configuring MAC filter-based mirroring

The following example shows how to configure MAC filter-based mirroring.

See also other documents in the category Brocade Computer Accessories: