Filter Message Header

About this task

Perform this procedure to filter IPGRE, nvGRE, VXLAN, IPIP, or GTPu message headers.

Configure the ingress group with the required ingress ports.
Configure the required IPv4 or IPv6 ACL settings to filter IPGRE, nvGRE, VXLAN, IPIP, or GTPu message headers.
- Use the L4 port 132 to filter SCTP packets.
- Extreme 9920 software, release 21.1.1.0 supports outer VXLAN headers.
- To configure packet mirroring for VXLAN frames, go to step 3. Otherwise, proceed to step 4.
Optional: Configure packet mirroring for VXLAN frames.
1. Enable mirror configuration.
```
device(config)# mirror mirr_1
device(config-mirror)#
```
2. Configure the mirror destination port in slot/port format.
```
device(config-mirror)# set interface ethernet NAME
```
Set ACL filtering in the route-map.
Apply the route-map policy to the ingress group.
Send traffic flows to the DUT.
- The configured GTP, SCTP, or VXLAN message header is dropped based on ACL configured in the route-map.
- The non-filtered traffic is forwarded to the egress port/egress group.
Verify the CLI statistics of ingress group to determine the number of packets or flows received and dropped.
Verify the CLI statistics of egress port or egress group to determine the number of non-filtered packets or flows forwarded.
Verify the CLI statistics of UDA ACL matches the number of packets/flows dropped.
Verify that the packets matching the UDA ACL are not forwarded in egress groups and only non-filtered packets are received by validating or capturing the wired PCAP collected in the analytical tools.