acl-mirror
Defines a destination for ACL-based
mirroring of a physical interface.
Syntax
acl-mirror
source ethernet
slot
/
port
destination
{
ethernet
slot
/
port
|
port-channel
index
}
no acl-mirror
source ethernet
slot
/
port
destination
{
ethernet
slot
/
port
|
port-channel
index
}
Command Default
No ACL mirror is defined.
Parameters
- source
- Specifies the interface for which you are defining a mirror.
-
ethernet
- Specifies a physical Ethernet interface.
- slot
- Specifies a
valid slot number. For devices that do not support linecards,
specify 0.
- port
- Specifies a valid
port number.
- destination
- Specifes the physical-interface or
port-channel mirror.
-
ethernet
- Specifies a physical Ethernet interface.
- slot
- Specifies a valid slot number. For devices
that do not support linecards, specify
0.
- port
- Specifies a valid port number.
-
port-channel
index
- Specifies a port-channel interface.
Modes
Global configuration mode
Usage Guidelines
ACL mirroring applies to extended-ACL rules that include the
mirror keyword.
ACL mirroring is supported only for ACLs applied to incoming traffic.
Only one destination mirror port is
supported per source port.
There are parsing priorities among the
copy-sflow,
log, and
mirror
keywords, as follows:
- Although in a standard-ACL rule you
can include log and copy-sflow,
only one of the two is processed, as follows:
- In a permit rule, the order
of precedence is copy-sflow > log.
- In a deny or hard-drop
rule, the order of precedence is log
> copy-sflow.
- Although in an extended-ACL rule
you can include log, mirror, and copy-sflow,
only one of the three is processed, as follows:
- In a permit rule, the order
of precedence is mirror
> copy-sflow > log.
- In a deny or hard-drop
rule, the order of precedence is log
> copy-sflow > mirror.
Only one destination port is supported per
device.
To cancel an ACL mirroring destination, use the
no form of this command.
Examples
The following example defines a physical port as mirror.
device# configure
device(config)# acl-mirror source ethernet 0/1 destination ethernet 0/2
The following example defines a port-channel as mirror.
device# configure
device(config)# acl-mirror source ethernet 0/1 destination port-channel 2
