Configure ACLs for Mirroring
Configure the access control list (ACL) to mirror packets for an access control entry (ACE) that matches a particular packet.
Before you begin
The ACL exists.
About this task
To modify an ACL parameter, double-click the parameter you wish to change. Change the value, and then click Apply. You cannot change a parameter that the system displays it dimmed; in this case, delete the ACL, and then configure a new one.
Procedure
- In the navigation pane, expand .
- Click Advanced Filters (ACE/ACLs).
- Click the ACL tab.
- Double-click the parameterMirrorMltId to configure mirroring to a destination MLT group.
- Double-click the parameter MirrorDstPortList to configure mirroring to a destination port or ports.
ACL field descriptions
Use the data in the following table to use the ACL tab.
Name |
Description |
---|---|
AclId |
Specifies a unique identifier for the ACL. |
Type |
Specifies the ACL type. Valid options are
Important:
The inVlan ACLs drop packets if you add a VLAN after ACE creation. Important:
You can insert an inVsn ACL type for a Switched UNI only if the Switched UNI I-SID is associated with a platform VLAN. |
Name |
Specifies a descriptive user-defined name for the ACL. |
VlanList |
For inVlan ACL types, specifies all VLANs to associate with the ACL. |
PortList |
For inPort and outPort ACL types, specifies the ports to associate with the ACL. |
DefaultAction |
Specifies the action taken when no ACEs in the ACL match. Valid options are deny and permit, with permit as the default. Deny means the system drops the packets; permit means the system forwards packets. |
ControlPktAction |
Specifies the action taken for control packets. Valid options are deny and permit. |
State |
Enables or disables all of the ACEs in the ACL. The default value is enable. |
PktType |
Indicates the packet type to which this ACL applies. |
MirrorMltId |
Configures mirroring to a destination MLT. |
MirrorDstPortList |
Configures mirroring to a destination port or ports. |
MatchType |
For inVsn ACL types, specifies the match type to associate with
the ACL. Valid options are:
The default value is both |
Isid |
For inVsn ACL types, specifies the I-SID associated with the customer VLAN (Layer 2 VSN) or the customer VRF (Layer 3 VSN). This I-SID should already be configured on the fabric node. The InVSN Filter supports IP Shortcut traffic if the inVsn ACL match type is both. In this case, the I-SID is zero (0). Important:
You can specify a Switched UNI I-SID if the I-SID is associated with a platform VLAN. |
Origin |
Indicates the origin of the ACL:
|
DefaultSvcRate Note:
Exception: Only supported on VSP 4900 Series, VSP 7400 Series. |
Specifies the service rate limit in kbps {8-4000000000}.The granularity is 8 kbps. |
DefaultPeakRate Note:
Exception: Only supported on VSP 4900 Series, VSP 7400 Series. |
Specifies the value when exceeded causes packets to drop on ingress. Peak rate limit in kbps {8-4000000000}.The granularity is 8 kbps. |