Manualshelf

Concept Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
641642643644645646647648649650
show run monitor session
DellEMC#show run monitor session
!
monitor multicast-queue 7
DellEMC#
Enabling Flow-Based Monitoring
Flow-based monitoring conserves bandwidth by monitoring only specied trac instead of all trac on the interface. This feature is
particularly useful when looking for malicious trac. It is available for Layer 3 ingress trac. You can specify trac using standard or
extended access-lists.
NOTE: Flow-based monitoring is supported for known unicast egress trac.
1 Create a monitoring session.
CONFIGURATION mode
monitor session session-id
2 Enable ow-based monitoring for a monitoring session.
MONITOR SESSION mode
flow-based enable
3 Specify the source and destination port and direction of trac.
MONITOR SESSION mode
source source—port destination destination-port direction rx
4 Dene IP access-list rules that include the monitor keyword. For port monitoring, Dell EMC Networking OS only considers trac
matching rules with the monitor keyword.
CONFIGURATION mode
ip access-list
To dene access lists, see the Access Control Lists (ACLs) chapter.
5 Allocate a CAM region so that you can apply the ACL you created to the monitoring session.
CONFIGURATION mode
cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number
ipmacacl number vman-qos number ipv4mirracl number
6 Apply the ACL to the monitored port.
MONITOR SESSION mode
ip access-group access-list-name
Example of the flow-based enable command with ACL applied on the interface
To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege
mode.
DellEMC(conf)#monitor session 0
DellEMC(conf-mon-sess-0)#flow-based enable
DellEMC(conf)#ip access-list ext testflow
DellEMC(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
DellEMC(config-ext-nacl)#seq 10 permit ip 102.1.1.0/24 any count bytes monitor
DellEMC(config-ext-nacl)#seq 15 deny udp any any count bytes
DellEMC(config-ext-nacl)#seq 20 deny tcp any any count bytes
DellEMC(config-ext-nacl)#exit
DellEMC(conf)#interface gigabitethernet 1/1
DellEMC(conf-if-gi-1/1)#ip access-group testflow in
Port Monitoring
645