FastIron Configuration Guide 933
53-1002494-02
ACL-based inbound mirroring
Specify the port variable in one of the following formats:
• FWS, FCX, and ICX stackable switches – stack-unit/slotnum/portnum
• FSX 800 and FSX 1600 chassis devices – slotnum/portnum
• ICX devices – slotnum/portnum
• FESX compact switches – portnum
Ports from a port region must be mirrored to the same destination mirror port
Port regions, as described in “About port regions” on page 556, are important when defining a
destination mirror port. This is because all traffic mirrored from any single port in a port region is
mirrored to the same destination mirror port as traffic mirrored from any other port in the same
port region. For example, ports 1/1 to 1/12 are in the same port region. If you configure ports 1/1
and 1/2 to mirror their traffic, they should use the same destination mirror port as shown in the
following configuration.
Brocade(config)#interface ethernet 1/1
Brocade(config-if-e10000-1/1)#ACL-mirror-port ethernet 2/3
Brocade(config)#interface ethernet 1/2
Brocade(config-if-e10000-1/2)#ACL-mirror-port ethernet 2/3
If ports within the same port region are mirrored to different destination ports, the configuration is
disallowed, and an error message is generated, as shown in the following example.
Brocade(config)#interface ethernet 1/1
Brocade(config-if-e10000-1/1)#ACL-mirror-port ethernet 4/3
Brocade(config)#interface ethernet 1/2
Brocade(config-if-e10000-1/2)#ACL-mirror-port ethernet 4/7
Error - Inbound Mirror port 4/3 already configured for port region 1/1 - 1/12
When a destination port is configured for any port within a port region, traffic from any ACL with a
mirroring clause assigned to any port in that port region is mirrored to that destination port. This
will occur even if a destination port is not explicitly configured for the port with the ACL configured.
In the following example, an ACL with a mirroring clause (101) is applied to a port (1/1). Another
port in the same region (1/3) has a destination port set (4/3). In this example, traffic selected
by the mirroring clause of ACL 101 is mirrored to port 4/3 even though a destination port has not
explicitly been defined for traffic from port 1/1.
Brocade(config)#interface ethernet 1/1
Brocade(config-if-e10000-1/1)#ip access-group 101 in
Brocade(config)#interface ethernet 1/3
Brocade(config-if-e10000-1/3)#ACL-mirror-port ethernet 4/3
NOTE
If a destination mirror port is not configured for any ports within the port region where the
port-mirroring ACL is configured, the ACL does not mirror the traffic, but the ACL is still applied
to traffic on the port.
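The three port-region behaviors above (conflicting destinations, a destination inherited from another port in the region, and a mirroring ACL with no destination in its region) can be checked offline before a configuration is deployed. The following audit script is an added example, not part of the guide or of Brocade software. It assumes slotnum/portnum port names, a fixed 12-port region size taken from the 1/1 - 1/12 example, and a caller-supplied set of ACL IDs that contain a mirroring clause; `audit`, `region_of` and the finding names are hypothetical.

```python
import re
from collections import defaultdict

REGION_SIZE = 12  # assumption: 12 ports per region, per the 1/1 - 1/12 example

def region_of(port):
    """Map 'slot/port' to its region label, e.g. '1/3' -> '1/1 - 1/12'."""
    slot, num = (int(x) for x in port.split("/"))
    first = (num - 1) // REGION_SIZE * REGION_SIZE + 1
    return f"{slot}/{first} - {slot}/{first + REGION_SIZE - 1}"

def audit(config, mirror_acls):
    """Return (kind, subject, detail) findings for ACL-based inbound mirroring."""
    dests = defaultdict(dict)      # region -> {source port: destination port}
    acl_ports = defaultdict(list)  # region -> ports with a mirroring ACL bound in
    current = None
    for line in config.splitlines():
        cmd = line.split("#")[-1].strip().lower()  # drop the CLI prompt
        if m := re.fullmatch(r"interface ethernet (\d+/\d+)", cmd):
            current = m.group(1)
        elif current and (m := re.fullmatch(r"acl-mirror-port ethernet (\d+/\d+)", cmd)):
            dests[region_of(current)][current] = m.group(1)
        elif current and (m := re.fullmatch(r"ip access-group (\S+) in", cmd)):
            if m.group(1) in mirror_acls:
                acl_ports[region_of(current)].append(current)
    findings = []
    for region in sorted(set(dests) | set(acl_ports)):
        targets = sorted(set(dests[region].values()))
        if len(targets) > 1:   # the switch rejects this; catch it before deployment
            findings.append(("CONFLICT", region, targets))
        for port in acl_ports[region]:
            if not targets:    # ACL filters traffic but nothing is mirrored
                findings.append(("NOT_MIRRORED", port, region))
            elif port not in dests[region]:  # destination inherited from region
                findings.append(("IMPLICIT_DEST", port, targets))
    return findings

# Constructed sample built from the guide's examples plus one port in another region.
SAMPLE = """\
Brocade(config)#interface ethernet 1/1
Brocade(config-if-e10000-1/1)#ip access-group 101 in
Brocade(config)#interface ethernet 1/3
Brocade(config-if-e10000-1/3)#ACL-mirror-port ethernet 4/3
Brocade(config)#interface ethernet 1/13
Brocade(config-if-e10000-1/13)#ip access-group 101 in
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, mirror_acls={"101"}):
        print(finding)
```

An IMPLICIT_DEST finding means mirrored traffic reaches a port that was never named on the source interface, and NOT_MIRRORED means a capture that an analyst expects is not taking place.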
Specifying the destination mirror port for trunk ports
You can mirror the traffic that has been selected by ACL-based inbound mirroring from a trunk by
configuring a destination port for the primary port within the trunk configuration, as shown in the
following example.