Configure 802.1BR Tag-Stripping

Follow this procedure to strip 802.1BR tags to support the encapsulation type expected by your traffic-analysis tools.

About this task

The vn-tag cannot be enabled if the br-tag is already enabled in the same listener policy.
If a tunneled frame has an 802.1BR tag in the outer L2 header, VXLAN, NVGRE, or GTP header-stripping also deletes the 802.1BR tag.

Procedure

Enter the Config mode.
The command line changes to the configuration mode.
```
device(config)# 
```
Configure an ACL of type IPv4, IPv6, or MAC and any actions.
```
device(config)# ip access-list acl5-ipv4
device(config-ip-acl)# seq 10 permit ip any any count
```
The specified ACL and configured actions are bound to a listener policy.

Create the listener policy, including any action subcommands for the policy.

Note

A listener policy supports only one IPv4 ACL, IPv6 ACL, or MAC ACL.

device(config)# listener-policy lp-2 24
device(config-listener-policy)# match ip access-list acl5-ipv4
device(config-listener-policy)# strip br-tag
device(config-listener-policy)# description "Strips 802.1BR tags"

Configure an egress policy, and bind the listener policy, specifying any additional egress actions.

Note

An egress can be associated with only one listener policy.

device(config)# egress e2
device(config-egress)# set listener-policy lp-2
device(config-egress)# description DirectTool
device(config-egress)# set encap encap-1 
device(config-egress)# precedence 1 interface ethernet 1/14

Configure an egress group and associate it with the egress policy.

device(config)# egress-group eg_1 
device(config-egress-group)# description e-group_1
device(config-egress-group)# set egress e2

Configure the route-map and set any other parameters, such as forwarding actions, match IP access list, and the egress-group.

Note
A route-map policy supports only one match-ACL per layer.
```
device(config)# route-map R1 10 
device(config-route-map)# match ip access-list acl5-ipv4
device(config-route-map)# set egress-group eg_1
device(config-route-map)# forward-action permit
```
Configure an ingress group and associate a route map.

Note
An ingress group can be associated with only one route map.
```
device(config)# ingress-group TAP_TRAFFIC
device(config-ingress-group)# set route-map R1
```
Configure the interface port and channel for ingress traffic.
Note
In the following example, traffic is coming in on slot/port number 2/3.
```
interface ethernet 2/3
description From_TAP
set ingress-group TAP_TRAFFIC
no shutdown
```
Configure the interface port and channel for egress traffic.
Note
In the following example, traffic is leaving on slot/port number 2/14.
```
interface ethernet 2/14
speed 100000
description To_Tool
no shutdown
```