Users Guide

Table Of Contents
4. Define access-list rules using seq, permit, and deny statements in CONFIG-ACL mode. ACL rules describe the traffic to
monitor.
seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count
[byte]] [fragments] [threshold-in-msgs count] [capture session session-id]
5. Return to CONFIGURATION mode.
exit
6. Apply the flow-based monitoring ACL to the monitored source port in CONFIGURATION mode. The access list name can
have a maximum of 140 characters.
ip access-group access-list-name {in | out}
Enable flow-based monitoring
OS10(config)# monitor session 1
OS10(conf-mon-local-1)# flow-based enable
OS10(conf-mon-local-1)# exit
OS10(config)# ip access-list ipacl1
OS10(conf-ipv4-acl)# deny ip host 1.1.1.23 any capture session 1 count
OS10(conf-ipv4-acl)# exit
OS10(config)# mac access-list mac1
OS10(conf-mac-acl)# deny any any capture session 1
OS10(conf-mac-acl)# exit
OS10(config)# interface ethernet 1/1/9
OS10(conf-if-eth1/1/9)# mac access-group mac1 in
OS10(conf-if-eth1/1/9)# end
OS10# show mac access-lists in
Ingress MAC access-list mac1
Active on interfaces :
ethernet1/1/9
seq 10 deny any any capture session 1 count (0 packets)
Remote port monitoring on VLT
In a network, devices you configure with peer VLT nodes are considered as a single device. You can apply remote port
monitoring (RPM) on the VLT devices in a network.
In a failover case, the monitored traffic reaches the packet analyzer connected to the top-of-rack (ToR) through the VLT
interconnect link.
NOTE:
In VLT devices configured with RPM, when the VLT link is down, the monitored packets might drop for some time. The
time is equivalent to the VLT failover recovery time, the delay restore.
ERPM does not work on VLT devices.
RPM on VLT scenarios
Consider a simple VLT setup where two VLT devices are connected using VLTi and a top-of-rack switch is connected to both
the VLT peers using VLT LAGs in a ring topology. In this setup, the following table describes the possible scenarios when you
use RPM to mirror traffic.
NOTE: Ports that connect to the VLT domain, but not part of the VLT-LAG, are called orphan ports.
Table 36. RPM on VLT scenarios
Scenario Recommendation
Mirror an orphan port or VLT LAG or VLTi member port to a
VLT LAG. The packet analyzer connects to the ToR switch.
The recommended configuration on the peer VLT device:
1. Create an RPM VLAN.
!
interface vlan 100
560 Layer 2