Configure ACE Actions to Mirror

Configure actions to use filters for flow-based mirroring.

Before you begin

  • The access control entry (ACE) exists.

About this task

If you use the mirror action, ensure that you specify the mirroring destination: MLTs or ports.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure actions for an ACE:

    filter acl ace action <1-2048> <1-2000> {permit|deny} monitor-dst-mlt <1–512>

    OR

    filter acl ace action <1-2048> <1-2000> {permit|deny} monitor-dst-ports {sub-port]][,...][slot/all][all]}

  3. Ensure the configuration is correct:

    show filter acl action [<1-2048>] [<1-2000>]

Example

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#filter acl ace action 901 1 permit monitor-dst-mlt 5

Variable Definitions

The following table defines parameters for the filter acl ace action command.

Variable

Value

1-2048

Specifies the ACL ID from 1–2048

1-2000

Specifies the ACE ID from 1–2000.

monitor-dst-mlt <1–512>

Configures mirroring to a destination MLT group.

monitor-dst-ports {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

Configures mirroring to a destination port or ports.

{permit|deny}

Configures the action mode for security ACEs. The default value is permit.