Configure ACLs for Mirroring

Configure the access control list (ACL) to mirror packets for an access control entry (ACE) that matches a particular packet.

Before you begin

  • The ACL exists.

About this task

To modify an ACL parameter, double-click the parameter you wish to change. Change the value, and then click Apply. You cannot change a parameter that appears dimmed; in this case, delete the ACL, and then configure a new one.

Procedure

  1. In the navigation pane, expand Configuration > Security > Data Path.
  2. Click Advanced Filters (ACE/ACLs).
  3. Click the ACL tab.
  4. Double-click the parameterMirrorMltId to configure mirroring to a destination MLT group.
  5. Double-click the parameter MirrorDstPortList to configure mirroring to a destination port or ports.

ACL Field Descriptions

Use the data in the following table to use the ACL tab.

Name

Description

AclId

Specifies a unique identifier for the ACL from 1–2048.

Type

Specifies whether the ACL is VLAN- or port-based. Valid options are

  • inVlan

  • inPort

  • outPort

Important:

The inVlan ACLs drop packets if you add a VLAN after ACE creation.

Name

Specifies a descriptive user-defined name for the ACL.

VlanList

For inVlan type, specifies all VLANs to associate with the ACL.

PortList

For inPort and outPort ACL types, specifies the ports to associate with the ACL.

DefaultAction

Specifies the action taken when no ACEs in the ACL match. Valid options are deny and permit. Deny means the system drops the packets; permit means the system forwards packets. The default is permit.

ControlPktAction

Specifies the action for control packets, if you configure DefaultAction to deny. If DefaultAction is permit, this value is ignored.

State

Enables or disables all of the ACEs in the ACL. The default value is enable.

PktType

Indicates the packet type that this ACL is applicable to. The default is IPv4.

MirrorMltId

Configures mirroring to a destination MLT group.

MirrorDstPortList

Configures mirroring to a destination port or ports.