Acl port mirroring, Viewing acl statistics – Blade ICE RACKSWITCH G8124-E User Manual

BLADEOS 6.5.2 Application Guide

80 Chapter 5: Access Control Lists

BMD00220, October 2010

ACL Port Mirroring

For regular ACLs and VMaps, packets that match an ACL on a specific port can be mirrored to
another switch port for network diagnosis and monitoring.

The source port for the mirrored packets cannot be a portchannel, but may be a member of a
portchannel.

The destination port to which packets are mirrored must be a physical port.

If the ACL or VMap has an action (permit, drop, etc.) assigned, it cannot be used to mirror packets
for that ACL.

Use the following commands to add mirroring to an ACL:

For regular ACLs:

The ACL must be also assigned to it target ports as usual (see

“Assigning Individual ACLs to a

Port” on page 78

).

For VMaps (see

“VLAN Maps” on page 82

):

Viewing ACL Statistics

ACL statistics display how many packets have “hit” (matched) each ACL. Use ACL statistics to
check filter performance or to debug the ACL filter configuration.

You must enable statistics for each ACL that you wish to monitor:

RS G8124(config)# access-control list

mirror port

RS G8124(config)# access-control vmap

mirror port

RS G8124(config)# access-control list

statistics