API Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON

521

522

523

524

525

526

527

528

529

530

State Reason

-----------------------------------------------------------------------------------------

---------

6 ethernet1/1/2 remote-ip both port 1.1.1.1 3.3.3.3 63 16 35006

true Is UP

View running configuration of monitor session

OS10# show running-configuration monitor

monitor session 10 type erpm-source

source-ip 1.1.1.1 destination-ip 3.3.3.3

source interface ethernet1/1/2

no shut

Flow-based monitoring

Flow-based monitoring conserves bandwidth by inspecting only specified traffic instead of all interface traffic. Using flow-based

monitoring, you can monitor only traffic received by the source port that matches criteria in ingress access-lists (ACLs). IPv4

ACLs, IPv6 ACLs, and MAC ACLs support flow-based monitoring.

1. Enable flow-based monitoring for a monitoring session in MONITOR-SESSION mode.

flow-based enable

2. Return to CONFIGURATION mode.

exit

3. Create an access list in CONFIGURATION mode.

ip access-list access-list-name

4. Define access-list rules using seq, permit, and deny statements in CONFIG-ACL mode. ACL rules describe the traffic to

monitor.

seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count

[byte]] [fragments] [threshold-in-msgs count] [capture session session-id]

5. Return to CONFIGURATION mode.

exit

6. Apply the flow-based monitoring ACL to the monitored source port in CONFIGURATION mode. The access list name can

have a maximum of 140 characters.

ip access-group access-list-name {in | out}

Enable flow-based monitoring

OS10(config)# monitor session 1

OS10(conf-mon-local-1)# flow-based enable

OS10(conf-mon-local-1)# exit

OS10(config)# ip access-list ipacl1

OS10(conf-ipv4-acl)# deny ip host 1.1.1.23 any capture session 1 count

OS10(conf-ipv4-acl)# exit

OS10(config)# mac access-list mac1

OS10(conf-mac-acl)# deny any any capture session 1

OS10(conf-mac-acl)# exit

OS10(config)# interface ethernet 1/1/9

OS10(conf-if-eth1/1/9)# mac access-group mac1 in

OS10(conf-if-eth1/1/9)# end

OS10# show mac access-lists in

Ingress MAC access-list mac1

Active on interfaces :

ethernet1/1/9

seq 10 deny any any capture session 1 count (0 packets)

Layer 2

521