Configure ACEs for Mirroring

Before you begin

  • The ACL exists.

  • The ACE exists.

About this task

Configure actions to use filters for flow mirroring. Use an ACE to define the mirroring actions the filter performs.

If you use the mirror action, ensure that you specify the mirroring destination: IP address, MLTs, ports, or VLANs.

Procedure

  1. In the navigation pane, expand Configuration > Security > Data Path.
  2. Select Advanced Filters (ACE/ACLs).
  3. Select the ACL tab.
  4. Select the ACL for which to modify an ACE.
  5. Select ACE.
  6. Select an ACE, and then select Action.
  7. Configure one of: DstPortList, DstMltId, or DstIp.
  8. Select Apply.

Action Field Descriptions

Use the data in the following table to use the Action tab.

Note

Note

The table lists the options for both Security ACEs and QoS ACEs. Dependent upon the ACE, the system displays different options on the EDM interface.

Name

Description

AclId

Specifies the ACL ID.

AceId

Specifies the ACE ID.

Mode

Configures the action mode for security ACEs. The default value is deny.

RemarkDscp

Specifies the new Per-Hop Behavior (PHB) for matching packets: phbcs0, phbcs1, phbaf11, phbaf12, phbaf13, phbcs2, phbaf21, phbaf22, phbaf23, phbcs3, phbaf31, phbaf32, phbaf33, phbcs4, phbaf41, phbaf42, phbaf43, phbcs5, phbef, phbcs6, phbcs7.

This action is a QoS action.

RemarkDot1Priority

Specifies the new 802.1 priority bit for matching packets: zero, one, two, three, four, five, six, or seven.

This action is a QoS action.

Note:

This does not apply to IPv6 filtering.

InternalQoS

This variable is a QoS action. The default value is 1.

Note:

This does not apply to IPv6 filtering.

RedirectNextHop

Specifies the next-hop IPv4 address (a.b.c.d) or IPv6 address (aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh) for redirect mode.

Applies to ingress ACLs (routed and Layer 2 packets).

Count

Enables the ability to count matching packets. Use this parameter with either a security or QoS ACE. The default is disabled.

DstPortList

Configures mirroring to a destination port or ports. This action is a security action.

DstMltId

Configures mirroring to a destination MLT. This action is a security action.

MonitoringIsidOffset

Configures the monitoring I-SID offset value. The offset ID is mapped to the actual monitor I-SID value to which the packets are mirrored.

MirroringQoS

Defines the Quality of Service (QoS) profiles for the mirrored packet into monitoring I-SID.