Configuring inbound ACL-based mirroring to the insight interface

Follow these steps to configure inbound ACL-based mirroring.

1. Enter global configuration mode.
   

   device# configure terminal
   

2. Create an extended Layer 2 ACL.
   

   device(config)# mac access-list extended macl
   

3. Configure the Layer 2 ACL for mirroring.
   

   device(conf-macl-ext)# seq 10 permit host 0010.9400.0010 host 0010.9400.0014 vlan 20 count mirror 
   device(conf-macl-ext)# seq 20 permit host 0010.9400.0011 host 0010.9400.0015 vlan 20 count mirror 
   device(conf-macl-ext)# seq 30 permit host 0010.9400.0012 host 609c.9f01.58cb vlan 21 count mirror 
   device(conf-macl-ext)# seq 40 permit host 0010.9400.0013 host 609c.9f01.58cb vlan 22 count mirror
   device(conf-macl-ext)# seq 50 permit any any count mirror  
   

4. Return to global configuration mode.
   

   device(conf-macl-ext)# exit
   

5. Create an extended IPv4 ACL.
   

   device(config)# ip access-list extended ipv4acl
   

6. Configure the IPv4 ACL for mirroring.
   

   device(conf-ipv4acl-ext)# seq 10 permit ip host 11.12.13.14 any count mirror
   

7. Return to global configuration mode.
   

   device(conf-ipv4acl-ext)# exit
   

8. Associate the ACL destination mirror port.
   

   device(config)# acl-mirror source ethernet 0/1 destination port-channel 1
   

9. Enter configuration mode for the source mirror port.
   

   device(config)# interface ethernet 0/4
   

10. Bind the Layer 3 IP ACL to the source mirror port.
    1. Bind the Layer 2 ACL to the source mirror port.
       

       device(conf-if-eth-0/1)# mac access-group mac1 in
       

    2. Bind the IPv4 ACL to the source mirror port.
       

       device(conf-if-eth-0/1)# ip access-group ipv4acl in
       

11. Return to privileged exec mode.
    

    device(conf-if-eth-0/1)# end
    

12. Verify the configuration.
    

    device# show statistics access-list interface ethernet 0/1 in
    mac access-list macl on Ethernet 0/1 at Ingress (From User)
        seq 10 permit host 0010.9400.0010 host 0010.9400.0014 vlan 20 count mirror (105555094236 frames)
        seq 20 permit host 0010.9400.0011 host 0010.9400.0015 vlan 20 count mirror (105555103123 frames)
        seq 30 permit host 0010.9400.0012 host 609c.9f01.58cb vlan 21 count mirror (105555072247 frames)
        seq 40 permit host 0010.9400.0013 host 609c.9f01.58cb vlan 22 count mirror (105555083432 frames)
        seq 50 permit any any count mirror (0 frames)
    

13. Save the configuration.
    

    device# copy running-config startup-config
    

Inbound ACL-based mirroring to the insight interface configuration example (Layer 2)

device# configure terminal
device(config)# mac access-list extended macl
device(conf-macl-ext)# seq 10 permit host 0010.9400.0010 host 0010.9400.0014 vlan 20 count mirror 
device(conf-macl-ext)# seq 20 permit host 0010.9400.0011 host 0010.9400.0015 vlan 20 count mirror 
device(conf-macl-ext)# seq 30 permit host 0010.9400.0012 host 609c.9f01.58cb vlan 21 count mirror 
device(conf-macl-ext)# seq 40 permit host 0010.9400.0013 host 609c.9f01.58cb vlan 22 count mirror
device(conf-macl-ext)# seq 50 permit any any count mirror  
device(conf-macl-ext)# exit
device(config)# acl-mirror source ethernet 0/1 destination port-channel 1
device(config)# interface ethernet 0/1
device(conf-if-eth-0/1)# mac access-group mac1 in
device(conf-if-eth-0/1)# end
device# show statistics access-list interface ethernet 0/1 in
device# copy running-config startup-config

Note

Only the Layer 2 ACL creation is shown in this example.