Addendum

Enabling Flow-Based Monitoring
Flow-based monitoring is supported on the S4810, S4820T, S6000, Z9000, I/O Aggregator, and MXL
platforms.
Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the
interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and
Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists.
1. Enable flow-based monitoring for a monitoring session.
MONITOR SESSION mode
flow-based enable
2. Define access-list rules that include the keyword monitor. For port monitoring, FTOS considers
only traffic that matches rules containing the keyword monitor.
CONFIGURATION mode
ip access-list
Refer to Access Control Lists (ACLs).
3. Apply the ACL to the monitored port.
INTERFACE mode
ip access-group access-list
To view an access-list that you applied to an interface, use the show ip accounting access-list
command from EXEC Privilege mode.
Example of the flow-based enable Command
FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#flow-based enable
FTOS(conf)#ip access-list ext testflow
FTOS(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
FTOS(config-ext-nacl)#seq 10 permit ip 102.1.1.0/24 any count bytes monitor
FTOS(config-ext-nacl)#seq 15 deny udp any any count bytes
FTOS(config-ext-nacl)#seq 20 deny tcp any any count bytes
FTOS(config-ext-nacl)#exit
FTOS(conf)#interface gig 1/1
FTOS(conf-if-gi-1/1)#ip access-group testflow in
FTOS(conf-if-gi-1/1)#show config
!
interface GigabitEthernet 1/1
ip address 10.11.1.254/24
ip access-group testflow in
shutdown
FTOS(conf-if-gi-1/1)#exit
FTOS(conf)#do show ip accounting access-list testflow
!
Extended Ingress IP access list testflow on GigabitEthernet 1/1
Total cam count 4
seq 5 permit icmp any any monitor count bytes (0 packets 0 bytes)
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 packets 0 bytes)
seq 15 deny udp any any count bytes (0 packets 0 bytes)
seq 20 deny tcp any any count bytes (0 packets 0 bytes)
FTOS(conf)#do show monitor session 0
SessionID  Source  Destination  Direction  Mode       Type
---------  ------  -----------  ---------  ----       ----
0          Gi 1/1  Gi 1/2       rx         interface  Flow-based
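
Because only rules carrying the monitor keyword are mirrored, traffic that hits any other rule never reaches the monitoring destination. The following added example (not part of the original documentation and not a Dell tool) parses show ip accounting access-list output and reports such visibility gaps. The function names and the non-zero counters in the sample are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the show ip accounting access-list output
# above; the non-zero counters are made up for illustration.
SAMPLE = """\
Extended Ingress IP access list testflow on GigabitEthernet 1/1
Total cam count 4
seq 5 permit icmp any any monitor count bytes (12 packets 1176 bytes)
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 packets 0 bytes)
seq 15 deny udp any any count bytes (40 packets 5120 bytes)
seq 20 deny tcp any any count bytes (0 packets 0 bytes)
"""

HEADER = re.compile(r"^\w+ (\w+) IP access list (\S+) on (.+)$")
RULE = re.compile(r"^seq (\d+) (permit|deny) (.+?) \((\d+) packets (\d+) bytes\)$")


def parse_accounting(text):
    """Parse the accounting output into ACL metadata plus one dict per rule."""
    acl = {"name": None, "direction": None, "interface": None, "rules": []}
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            acl["direction"], acl["name"], acl["interface"] = m.groups()
        elif m := RULE.match(line):
            seq, action, body, pkts, octets = m.groups()
            acl["rules"].append({
                "seq": int(seq), "action": action, "match": body,
                # Only rules carrying the monitor keyword are mirrored.
                "mirrored": "monitor" in body.split(),
                "packets": int(pkts), "bytes": int(octets),
            })
    return acl


def mirror_gaps(acl):
    """Return findings about traffic the flow-based session will not capture."""
    findings = []
    if not any(r["mirrored"] for r in acl["rules"]):
        findings.append(f"{acl['name']}: no rule has 'monitor', nothing is mirrored")
    for r in acl["rules"]:
        if not r["mirrored"] and r["packets"] > 0:
            findings.append(f"{acl['name']} seq {r['seq']}: {r['packets']} packets "
                            f"matched but were not mirrored")
    return findings


if __name__ == "__main__":
    for finding in mirror_gaps(parse_accounting(SAMPLE)):
        print(finding)
```

With the sample input, the only finding is seq 15: UDP traffic was counted and denied but never copied to the monitoring port.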