Connectivity Guide

OS10(conf-mac-acl)# deny any any capture session 1
OS10(conf-mac-acl)# exit
OS10(config)# interface ethernet 1/1/9
OS10(conf-if-eth1/1/9)# mac access-group mac1 in
OS10(conf-if-eth1/1/9)# end
OS10# show mac access-lists in
Ingress MAC access-list mac1
Active on interfaces :
ethernet1/1/9
seq 10 deny any any capture session 1 count (0 packets)
Remote port monitoring on VLT
In a network, devices you configure with peer VLT nodes are considered as a single device. You can apply remote port monitoring (RPM) on the VLT devices in a network.
In a failover case, the monitored traffic reaches the packet analyzer connected to the top-of-rack (ToR) through the VLT interconnect link.
NOTE: In VLT devices configured with RPM, when the VLT link is down, the monitored packets might drop for some time. The time is equivalent to the VLT failover recovery time, the delay restore.
ERPM does not work on VLT devices.
RPM on VLT scenarios
Consider a simple VLT setup where two VLT devices are connected using VLTi and a top-of-rack switch is connected to both the VLT peers using VLT LAGs in a ring topology. In this setup, the following table describes the possible scenarios when you use RPM to mirror traffic.
NOTE: Ports that connect to the VLT domain, but are not part of the VLT-LAG, are called orphan ports.
Table 15. RPM on VLT scenarios

Scenario:
Mirror an orphan port or VLT LAG or VLTi member port to a VLT LAG. The packet analyzer connects to the ToR switch.

Recommendation:
The recommended configuration on the peer VLT device:
1 Create an RPM VLAN.
!
interface vlan 100
no shutdown
remote-span
!
2 Create an L2 ACL for the RPM VLAN - RPM session and attach it to the VLTi LAG interface.
!
mac access-list rpm
seq 10 permit any any capture session 10 vlan 100
!
interface ethernet 1/1/1
no shutdown
switchport access vlan 1
mac access-group rpm in
!
3 Create a flow-based RPM session on the peer VLT device to monitor the VLTi LAG interface as the source.
!
monitor session 10 type rpm-source
destination remote-vlan 100
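
The three steps above only mirror traffic when the RPM VLAN, the capture ACL and the monitor session reference each other consistently. The following check is an added example, not part of the guide or of OS10; it assumes the configuration is available as text in the stanza layout shown on this page, and the names stanzas and audit_rpm are hypothetical.

```python
import re
# Constructed sample in this page's layout; the session points at VLAN 200, which is not an RPM VLAN.
SAMPLE = """\
interface vlan 100
remote-span
!
mac access-list rpm
seq 10 permit any any capture session 10
!
interface ethernet 1/1/1
mac access-group rpm in
!
monitor session 10 type rpm-source
destination remote-vlan 200
"""

HEADER = re.compile(r"^(interface|mac access-list|monitor session) (.+)$")  # stanza headers used on this page

def stanzas(text):  # returns {kind: {name: [body lines]}}; "!" or a blank line closes a stanza
    out, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            cur = out.setdefault(m.group(1), {}).setdefault(m.group(2), [])
        elif line in ("", "!"):
            cur = None
        elif cur is not None:
            cur.append(line)
    return out

def audit_rpm(text):
    """Return findings where the RPM VLAN, capture ACL and monitor session disagree."""
    cfg, findings = stanzas(text), []
    ifaces, sessions = cfg.get("interface", {}), cfg.get("monitor session", {})
    span = {n.split()[1] for n, b in ifaces.items() if n.startswith("vlan ") and "remote-span" in b}
    applied = {l.split()[2] for b in ifaces.values() for l in b if l.startswith("mac access-group ")}
    defined = {n.split()[0] for n in sessions}
    for name, body in cfg.get("mac access-list", {}).items():
        for sid in re.findall(r"capture session (\d+)", " ".join(body)):
            if sid not in defined:
                findings.append(f"acl {name}: capture session {sid} is not defined")
        if name not in applied:
            findings.append(f"acl {name}: not attached to any interface")
    for name, body in sessions.items():
        for vlan in re.findall(r"destination remote-vlan (\d+)", " ".join(body)):
            if vlan not in span:
                findings.append(f"session {name.split()[0]}: remote-vlan {vlan} is not a remote-span VLAN")
    return findings
```

An empty result means every capture rule points at a defined session whose destination VLAN is marked remote-span; any finding is either a monitoring gap or mirrored traffic landing on a VLAN that was not set aside for it.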