Configure ACE Actions to Mirror

Important

Important

Product Notice: VSP 8600 Series supports Policy Based Routing (Redirect Next Hop) Per VRF as a demo feature. Do not use this feature in production environments.

Configure actions to use filters for flow-based mirroring.

Before you begin

  • The access control entry (ACE) exists.

About this task

If you use the mirror action, ensure that you specify the mirroring destination: MLTs or ports.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure actions for an ACE:

    filter acl ace action <1-2048> <1-2000> {permit|deny} monitor-dst-mlt <1–512>

    OR

    filter acl ace action <1-2048> <1-2000> {permit|deny} monitor-dst-ports {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

  3. Ensure the configuration is correct:

    show filter acl action [<1-2048>] [<1-2000>]

Example

Switch:1> enable

Switch:1# configure terminal

Switch:1(config)# filter acl ace action 901 1 permit monitor-dst-mlt 5

Variable Definitions

The following table defines parameters for the filter acl ace action command.

Variable

Value

1-2048

Specifies the ACL ID from 1–2048

1-2000

Specifies the ACE ID from 1–2000.

monitor-dst-mlt <1–512>

Configures mirroring to a destination MLT group.

monitor-dst-ports {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Configures mirroring to a destination port or ports.

{permit|deny}

Configures the action mode for security ACEs. The default value is permit.
9037602-00 Rev AB