Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

981

982

983

984

985

986

987

988

989

990

932 FastIron Configuration Guide

53-1002494-02

ACL-based inbound mirroring

Brocade(config-if-e1000-1/1/5)#acl-mirror-port ethernet 1/1/2

To display ACL mirror settings, enter the show access-list all command.

Brocade#show access-list all

Extended IP access list 101

permit ip any any mirror

ACL-based inbound mirror clauses for

FastIron X Series devices

The mirror parameter in an ACL clause causes the system to direct traffic that meets the clause to

be sent to a mirror port. Consider the following example.

Brocade(config)#access-list 101 permit ip any any mirror

The mirror parameter directs selected traffic to the mirrored port. Traffic mirroring is only supported

on Layer 3 ACLs for FastIron X Series devices.

You can select traffic to be mirrored using a permit or deny clause on ports on the following

interface modules:

• SX-FI-24GPP

• SX-FI-24HF

• SX-FI-2XG

• SX-FI-8XG

On all other interface modules, you can select traffic to be mirrored using only a permit clause.

Destination mirror port

You can specify physical ports or a trunk to mirror traffic. If you complete the rest of the

configuration but do not specify a destination mirror port, the port-mirroring ACL is non-operational.

This can be useful if you want to be able to mirror traffic by a set criteria on demand. With this

configuration, you configure a destination mirror port whenever you want the port-mirroring ACL to

become operational.

The following sections describe how to specify a destination port for a port or a trunk, as well as the

special considerations required when mirroring traffic from a virtual interface.

Specifying the destination mirror port for physical ports

When you want traffic that has been selected by ACL-based inbound mirroring to be mirrored, you

must configure a destination mirror port. This configuration is performed at the interface

configuration level of the port with the traffic you are mirroring. The destination port must be the

same for all ports in a port region as described in “Ports from a port region must be mirrored to the

same destination mirror port” on page 933.

In the following example, ACL mirroring traffic from port 1/1 is mirrored to port 1/3.

Brocade(config)#interface ethernet 1/1

Brocade(config-if-e10000-1/1)#ACL-mirror-port ethernet 1/3

Syntax: [no] ACL-mirror-port ethernet <port>

The <port> variable specifies the mirror port to which the monitored port traffic is copied.