Dell MX5108n OS10 Enterprise Edition User Guide for PowerEdge MX IO Modules Re - Page 264
Flow-based monitoring
View all Dell MX5108n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 264 highlights
OS10(conf-mon-erpm-source-10)# ip dscp 63 OS10(conf-mon-erpm-source-10)# no shut View configured ERPM session OS10(conf-mon-erpm-source-6)# do show monitor session all S.Id Source Destination Dir Mode Source IP Dest IP DSCP TTL Gre- Protocol State Reason 6 ethernet1/1/2 remote-ip both port 1.1.1.1 3.3.3.3 63 16 35006 true Is UP View running configuration of monitor session OS10# show running-configuration monitor ! monitor session 10 type erpm-source source-ip 1.1.1.1 destination-ip 3.3.3.3 source interface ethernet1/1/2 no shut Flow-based monitoring Flow-based monitoring conserves bandwidth by inspecting only specified traffic instead of all interface traffic. Using flow-based monitoring, you can monitor only traffic received by the source port that matches criteria in ingress access-lists. 1 Enable flow-based monitoring for a monitoring session in MONITOR-SESSION mode. flow-based enable 2 Return to CONFIGURATION mode. exit 3 Create an access list in CONFIGURATION mode. ip access-list access-list-name 4 Define access-list rules using seq, permit, and deny statements in CONFIG-ACL mode. The ACL rules describe the traffic you want to monitor. Flow monitoring is supported for IPv4 ACLs, IPv6 ACLs, and MAC ACLs. seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte]] [fragments] [threshold-in-msgs count] [capture session session-id] 5 Return to CONFIGURATION mode. exit 6 Apply the flow-based monitoring ACL to the monitored source port in CONFIGURATION mode (up to 140 characters). ip access-group access-list-name {in | out} Enable flow-based monitoring OS10(config)# monitor session 1 OS10(conf-mon-local-1)# flow-based enable OS10(conf-mon-local-1)# exit OS10(config)# ip access-list ipacl1 OS10(conf-ipv4-acl)# deny ip host 1.1.1.23 any capture session 1 count OS10(conf-ipv4-acl)# exit OS10(config)# mac access-list mac1 OS10(conf-mac-acl)# deny any any capture session 1 OS10(conf-mac-acl)# exit OS10(config)# interface ethernet 1/1/9 OS10(conf-if-eth1/1/9)# mac access-group mac1 in OS10(conf-if-eth1/1/9)# end OS10# show mac access-lists in Ingress MAC access-list mac1 Active on interfaces : ethernet1/1/9 seq 10 deny any any capture session 1 count (0 packets) 264 Layer 2