KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

351

352

353

354

355

356

357

358

359

360

Like ACL-based traffic-selection criteria, classifier-based service policies apply only to inbound

traffic flows and are configured on a per-port or per-VLAN basis. In a mirroring session,

classifier-based service policies do not support:

• The mirroring of outbound traffic exiting the switch

• The use of meshed ports as monitored (source) interfaces

Classifier-based mirroring is not designed to work with other traffic-selection methods in a mirroring

session applied to a port or VLAN interface:

• If a mirroring session is already configured with one or more traffic-selection criteria

(MAC-based or all inbound and/or outbound traffic), the session does not support the addition

of a classifier-based policy.

• If a mirroring session is configured to use a classifier-based mirroring policy, no other

traffic-selection criteria (MAC-based or all inbound and/or outbound traffic) can be added to

the session on the same or a different interface.

Classifier-based mirroring policies provide greater precision when analyzing and debugging a

network traffic problem. Using multiple match criteria, you can finely select and define the classes

of traffic that you want to mirror on a traffic analyzer or IDS device.

Classifier-based mirroring configuration

1. Evaluate the types of traffic in your network and identify the traffic types that you want to

mirror.

2. Create an IPv4 or IPv6 traffic class using the class command to select the packets that you

want to mirror in a session on a preconfigured local or remote destination device. (See

“Configuring classifier-based mirroring” (page 329).)

A traffic class consists of match criteria, which consist of match and ignore commands.

• match commands define the values that header fields must contain for a packet to belong

to the class and be managed by policy actions.

• ignore commands define the values which, if contained in header fields, exclude a

packet from the policy actions configured for the class.

NOTE: Be sure to enter match/ignore statements in the precise order in which you want

their criteria to be used to check packets.

The following match criteria are supported in match/ignore statements for inbound IPv4/IPv6

traffic:

• IP source address (IPv4 and IPv6)

• IP destination address (IPv4 and IPv6)

• IP protocol (such as ICMP or SNMP)

• Layer 3 IP precedence bits

• Layer 3 DSCP codepoint

• Layer 4 TCP/UDP application port (including TCP flags)

• VLAN ID

Enter one or more match or ignore commands from the class configuration context to filter

traffic and determine the packets on which policy actions will be performed. (See (page 330).)

3. Create a mirroring policy to configure the session and destination device to which specified

classes of inbound traffic are sent by entering the policy mirror command from the global

configuration context. (See (page 319).)

Classifier-based mirroring configuration 355