Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 401
53-1002269-02
ACL-based inbound mirroring
14
Behavior of ACL-based mirroring when deleting trunks
If you delete a trunk that has ACL-Based Mirroring configured, the ACL-Based Mirroring
configuration is applied to each of the individual ports that made up the trunk.
For example, if a trunk is configured as shown in the following example and is then deleted from the
configuration as shown, each of the ports that previously were contained in the trunk will be
configured for ACL-Based Mirroring.
PowerConnect(config)#trunk ethernet 1 to 2
PowerConnect(config)#trunk deploy
PowerConnect(config)#interface ethernet 1
PowerConnect(config-if-e10000)#ACL-mirror-port ethernet 3
To delete the trunk, enter the following command.
PowerConnect(config)#no trunk ethernet 1 to 2
Deleting the trunk results in the following ACL-Based Mirroring configuration on ports 1 and 2.
interface ethernet 1
ACL-mirror-port ethernet 3
interface ethernet 2
ACL-mirror-port ethernet 3
Configuring ACL-based mirroring for ACLs bound to virtual interfaces
For configurations that have an ACL configured for ACL-Based Mirroring bound to a virtual interface,
you must configure the ACL-mirror-port command on a physical port that is a member of the same
VLAN as the virtual interface. Additionally, only traffic that arrives at ports that belong to the same
port group as the physical port where the ACL-mirror-port command is configured will be mirrored.
This follows the same rules described in “Ports from a port region must be mirrored to the same
destination mirror port” on page 399.
For example, in the following configuration ports 1, 2 and 3 are in VLAN 10 with ve 10. Ports 1 and
2 belong to the same port group, while port 3 belongs to another port group.
PowerConnect(config)#vlan 10
PowerConnect(config-vlan-10)#tagged ethernet 1 to 2
PowerConnect(config-vlan-10)#tagged ethernet 3
PowerConnect(config-vlan-10)#router-interface ve 10
PowerConnect(config)#interface ethernet 1
PowerConnect(config-if-e10000-1)#ACL-mirror-port ethernet 5
PowerConnect(config)#interface ve 10
PowerConnect(config-vif-10)#ip address 10.10.10.254/24
PowerConnect(config-vif-10)#ip access-group 102 in
PowerConnect(config)#access-list 102 permit ip any any mirror
In this configuration, the ACL-mirror-port command is configured on port 1, which is a member of ve
10. Because of this, ACL-Based Mirroring applies only to VLAN 10 traffic that arrives on ports 1
and 2. It does not apply to VLAN 10 traffic that arrives on port 3, because that port belongs to a
different port group than ports 1 and 2. When you apply ACL-Based Mirroring on an entire VE but
enable mirroring in only one port region, traffic that is in the same VE but arrives on a port in
a different port region is not mirrored.
To make the configuration apply ACL-Based Mirroring to VLAN 10 traffic arriving on port 3, you must
add the following commands to the configuration.
PowerConnect(config)#interface ethernet 3
PowerConnect(config-if-e10000-3)#ACL-mirror-port ethernet 5
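The port-group rule above means a mirroring ACL bound to a VE can silently miss traffic, so the check below (an added example, not part of the original guide) lists the VLAN member ports whose inbound traffic would not be mirrored. The config layout, the PORT_GROUPS mapping and the function names are assumptions; supply the real port-group assignment for your hardware.

```python
import re
# Constructed sample: the page's VE example written as plain config lines.
SAMPLE = """\
vlan 10
 tagged ethernet 1 to 2
 tagged ethernet 3
 router-interface ve 10
interface ethernet 1
 ACL-mirror-port ethernet 5
interface ve 10
 ip address 10.10.10.254/24
 ip access-group 102 in
access-list 102 permit ip any any mirror
"""
# Assumption: operator-supplied port -> port group map; must cover every member port.
PORT_GROUPS = {1: "A", 2: "A", 3: "B"}

def ports(spec):
    """'1 to 2' -> [1, 2]; '3' -> [3] (single-number port IDs, as on this page)."""
    n = [int(x) for x in re.findall(r"\d+", spec)]
    return list(range(n[0], n[-1] + 1))

def mirror_gaps(config, groups):
    """Return {ve: [VLAN member ports whose inbound traffic is not mirrored]}."""
    members, mirror_on = {}, set()
    ve_vlan, ve_acl, mirror_acls, ctx = {}, {}, set(), (None, None)
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(vlan|interface ethernet|interface ve) (\d+)", line):
            ctx = (m[1], int(m[2]))  # remember which stanza we are inside
        elif m := re.fullmatch(r"access-list (\d+) .* mirror", line):
            mirror_acls.add(int(m[1]))
        elif ctx[0] == "vlan" and (m := re.fullmatch(r"tagged ethernet (.+)", line)):
            members.setdefault(ctx[1], set()).update(ports(m[1]))
        elif ctx[0] == "vlan" and (m := re.fullmatch(r"router-interface ve (\d+)", line)):
            ve_vlan[int(m[1])] = ctx[1]
        elif ctx[0] == "interface ethernet" and re.fullmatch(r"ACL-mirror-port ethernet \d+", line, re.I):
            mirror_on.add(ctx[1])
        elif ctx[0] == "interface ve" and (m := re.fullmatch(r"ip access-group (\d+) in", line)):
            ve_acl[ctx[1]] = int(m[1])
    gaps = {}
    for ve, vlan in ve_vlan.items():
        if ve_acl.get(ve) not in mirror_acls:
            continue  # no mirroring ACL is bound inbound to this VE
        covered = {groups[p] for p in members.get(vlan, ()) if p in mirror_on}
        missed = sorted(p for p in members.get(vlan, ()) if groups[p] not in covered)
        if missed:
            gaps[ve] = missed
    return gaps
```

For the sample, the function reports port 3 under ve 10; the report is empty once ACL-mirror-port is also configured on port 3.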