Management and Configuration Guide K/KA/KB.15.15

About selecting inbound traffic using an ACL (deprecated)
Deprecation of ACL-based traffic selection
In release K.14.01 or greater, the use of ACLs to select inbound traffic in a mirroring session has
been replaced with classifier-based mirroring policies.
The following commands have been deprecated:
interface port/trunk/mesh monitor ip access-group acl-name in mirror 1 - 4 | name-str
vlan vid-# monitor ip access-group acl-name in mirror 1 - 4 | name-str
After you install and boot release K.14.01 or greater, ACL-based local and remote mirroring
sessions configured on a port or VLAN interface are automatically converted to classifier-based
mirroring policies.
About selecting inbound/outbound traffic using a MAC address
Use the monitor mac mirror command at the global configuration level to apply a source
and/or destination MAC address as the selection criteria used in a local or remote mirroring
session.
While classifier-based mirroring allows you to mirror traffic using a policy to specify IP addresses
as selection criteria, MAC-based mirroring allows you to monitor switch traffic using a source and/or
destination MAC address. You can apply MAC-based mirroring in one or more mirroring sessions
on the switch to monitor:
Inbound traffic
Outbound traffic
Both inbound and outbound traffic
MAC-based mirroring is useful in HP Switch Network Immunity security solutions that provide
detection and response to malicious traffic at the network edge. After isolating a malicious MAC
address, a security administrator can mirror all traffic sent to and received from the suspicious
address for troubleshooting and traffic analysis.
The MAC address that you enter with the monitor mac mirror command is configured to
select traffic for mirroring from all ports and learned VLANs on the switch. Therefore, a suspicious
MAC address used in wireless applications can be continuously monitored as it re-appears in
switch traffic on different ports or VLAN interfaces.
You can configure MAC-based mirroring from the CLI or an SNMP management station and use
it to mirror:
All inbound and outbound traffic from a group of hosts to one destination device.
Inbound and/or outbound traffic from each host to a different destination device.
Inbound and outbound traffic from all monitored hosts separately on two destination devices:
mirroring all inbound traffic to one device and all outbound traffic to another device.
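The following is an added example, not part of the original guide: a small Python planner that turns a list of suspicious MAC addresses (in whatever notation the reporting tool used) into monitor mac mirror commands and checks them against the 320-address limit and the routed-traffic restriction listed under Restrictions on this page. The src | dest | both keywords, the xxxxxx-xxxxxx address notation and the exact command form are assumptions based on the HP switch CLI and are not shown on this page; the function names and sample addresses are constructed for illustration.

```python
import re

MAX_MACS = 320           # limit this page lists under "Restrictions"
SESSIONS = range(1, 5)   # session numbers 1 - 4; session names are not handled here
DIRECTIONS = ("src", "dest", "both")  # assumed keywords, not shown on this page

def normalize_mac(text):
    """Accept colon, dash, dot or bare hex notation; return 'xxxxxx-xxxxxx'."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return f"{digits[:6]}-{digits[6:]}"

def plan_mac_mirroring(entries):
    """entries: (mac, direction, session) tuples -> (commands, warnings)."""
    rules = set()
    for mac, direction, session in entries:
        if direction not in DIRECTIONS:
            raise ValueError(f"unknown direction: {direction!r}")
        if session not in SESSIONS:
            raise ValueError(f"session must be 1 - 4: {session!r}")
        rules.add((normalize_mac(mac), direction, session))  # set drops duplicates
    macs = {mac for mac, _, _ in rules}
    if len(macs) > MAX_MACS:
        raise ValueError(f"{len(macs)} MAC addresses exceed the limit of {MAX_MACS}")
    # Assumed command form: monitor mac <mac> <src|dest|both> mirror <session>
    commands = [f"monitor mac {m} {d} mirror {s}" for m, d, s in sorted(rules)]
    # Destination-MAC selection does not cover routed traffic (see Restrictions).
    warnings = sorted({f"{m}: destination MAC match is not supported for routed traffic"
                       for m, d, _ in rules if d in ("dest", "both")})
    return commands, warnings

# Constructed sample: one suspicious host, source-MAC match to session 1 and
# destination-MAC match to session 2, reported in different notations.
SAMPLE = [
    ("02:00:5E:10:00:01", "src", 1),
    ("0200.5e10.0001", "src", 1),      # same host and rule, deduplicated
    ("02-00-5e-10-00-01", "dest", 2),
]

if __name__ == "__main__":
    commands, warnings = plan_mac_mirroring(SAMPLE)
    print("\n".join(commands + ["warning: " + w for w in warnings]))
```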
Restrictions
The following restrictions apply to MAC-based mirroring:
Up to 320 different MAC addresses are supported for traffic selection in all mirroring sessions
configured on the switch.
A destination MAC address is not supported as mirroring criteria for routed traffic, because
in routed packets, the destination MAC address is changed to the next-hop address when the