Dell PowerSwitch S4128F-ON OS10 Enterprise Edition User Guide Release 10.4.1.0 - Page 603
When a packet arrives at a monitored port, the packet is validated against the configured ACL rules. If the packet matches an ACL rule, the system examines the corresponding flow processor and performs the action specified for that port. If the mirroring action is set in the flow processor entry, the port details are sent to the destination port.

Flow-based mirroring

Flow-based mirroring is a mirroring session in which traffic that matches specified policies is mirrored to a destination port. Port-based mirroring maintains a database that contains all monitoring sessions, including port monitor sessions. The database records which sessions are enabled or not enabled for flow-based monitoring. Flow-based mirroring is also known as policy-based mirroring.

To activate flow-based mirroring, use the flow-based enable command. Traffic with particular flows traversing the ingress interfaces is examined, and the appropriate ACL rules apply in the ingress direction. By default, flow-based mirroring is not enabled.

To enable the evaluation and replication of traffic traversing to the destination port, configure the monitor option with the permit, deny, or seq commands for ACLs assigned to the source or the monitored port (MD). Enter the keywords capture session session-id with the seq, permit, or deny command for the ACL rules to allow or drop IPv4, IPv6, ARP, UDP, EtherType, ICMP, and TCP packets.

IPV4-ACL mode

    seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte]] [fragments] [threshold-in-msgs count] [capture session session-id]

If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, neither flow-based monitoring nor port mirroring functions. Flow-based monitoring is supported only for ingress traffic.

The show monitor session session-id command displays output that indicates whether a particular session is enabled for flow monitoring.
View flow-based monitoring

    OS10# show monitor session 1
    S.Id  Source         Destination    Dir   SrcIP  DstIP  DSCP  TTL  State  Reason
    1     ethernet1/1/1  ethernet1/1/4  both  N/A    N/A    N/A   N/A  true   Is UP

Traffic matching ACL rule

    OS10# show ip access-lists in
    Ingress IP access-list testflow
     Active on interfaces :
      ethernet1/1/1
     seq 5 permit icmp any any capture session 1
     seq 10 permit ip 102.1.1.0/24 any capture session 1
     seq 15 deny udp any any capture session 2
     seq 20 deny tcp any any capture session 3

Enable flow-based monitoring

Flow-based monitoring conserves bandwidth by mirroring only specified traffic, rather than all traffic on an interface. It is available for L2 and L3 ingress and egress traffic. Configure traffic to be monitored using ACL filters.

1. Create a monitor session in MONITOR-SESSION mode.

    monitor session session-number type local

2. Enable flow-based monitoring for the mirroring session in MONITOR-SESSION mode.

    flow-based enable
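The guide notes that a session with flow-based enable mirrors nothing unless an ACL with capture session rules is applied on its source port. The following audit script is an added example, not part of the Dell guide: it cross-checks saved show monitor session and show ip access-lists in text for that mismatch. It assumes the output layout shown on this page and that every listed session has flow-based enable set; the function names and sample text are constructed for illustration.

```python
import re

# Constructed sample text in the layout shown on this page (not device captures).
MONITOR_OUT = """S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason
1 ethernet1/1/1 ethernet1/1/4 both N/A N/A N/A N/A true Is UP
2 ethernet1/1/2 ethernet1/1/5 both N/A N/A N/A N/A true Is UP
"""
ACL_OUT = """Ingress IP access-list testflow
 Active on interfaces :
  ethernet1/1/1
 seq 5 permit icmp any any capture session 1
 seq 10 permit ip 102.1.1.0/24 any capture session 1
 seq 15 deny udp any any capture session 2
 seq 20 deny tcp any any capture session 3
"""

def parse_sessions(text):
    """Map session id -> source port from 'show monitor session' data rows."""
    rows = (line.split() for line in text.splitlines())
    return {int(f[0]): f[1] for f in rows if len(f) >= 3 and f[0].isdigit()}

def parse_acls(text):
    """Return (acl, interfaces, seq, session_id) for every rule with 'capture session'."""
    rules, acl, ifaces = [], None, []
    for line in map(str.strip, text.splitlines()):
        new_acl = re.match(r"Ingress \S+ access-list (\S+)", line)
        rule = re.match(r"seq (\d+) .*capture session (\d+)", line)
        if new_acl:
            acl, ifaces = new_acl.group(1), []
        elif re.fullmatch(r"ethernet\S+", line):
            ifaces.append(line)
        elif rule and acl:
            rules.append((acl, tuple(ifaces), int(rule.group(1)), int(rule.group(2))))
    return rules

def audit(monitor_text, acl_text):
    """List mismatches between capture rules and monitor sessions (assumed flow-based)."""
    sessions, rules = parse_sessions(monitor_text), parse_acls(acl_text)
    findings = []
    for acl, ifaces, seq, sid in rules:
        if sid not in sessions:
            findings.append(f"{acl} seq {seq}: capture session {sid} is not a listed monitor session")
        elif sessions[sid] not in ifaces:
            findings.append(f"{acl} seq {seq}: ACL not active on session {sid} source {sessions[sid]}")
    for sid, src in sorted(sessions.items()):
        if not any(r[3] == sid and src in r[1] for r in rules):
            findings.append(f"session {sid}: no capture rule on source {src}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MONITOR_OUT, ACL_OUT)))
```

On the constructed sample, rules for sessions 2 and 3 are flagged because the ACL is only active on ethernet1/1/1, and session 2 is flagged as having no capture rule on its own source port.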