Enabling L2 ACL rules for mirroring

ACL-based inbound mirroring applies to extended-ACL rules that include the mirror keyword.

  1. Enter configure to access global configuration mode. 
    device# configure
  2. Enter the mac access-list extended command to create or access the ACL. 
    device(config)# mac access-list extended mac_ac12
  3. In each rule for which you need to enable mirroring, include the mirror keyword. 
    device(conf-macl-ext)# seq 5 permit host 0022.3333.4444 host 0022.3333.5555 mirror
device(conf-macl-ext)# deny host 0022.3333.7777 host 0022.3333.6666 mirror
  4. Apply the ACL that you created to the appropriate physical interface, specifying the in keyword. 
    device(config)# interface ethernet 2/1
device(conf-if-eth-2/1)# mac access-group mac_acl2 in
9036874-00 Rev AA