acl-mirror

Defines a destination for ACL-based mirroring of a physical interface. This command will be deprecated in the future.

Syntax

acl-mirror source { ethernet slot / port | port-channel index | ve index } destination { ethernet slot / port | port-channel index }
no acl-mirror source { ethernet slot / port | port-channel index | ve index } destination { ethernet slot / port | port-channel index }

Command Default

No ACL mirror is defined.

Parameters

source
    Specifies the interface for which you are defining a mirror.
    ethernet
        Specifies a physical Ethernet interface.
        slot
            Specifies a valid slot number. For devices that do not support linecards, specify 0.
        port
            Specifies a valid port number.
    port-channel index
        Specifies a valid port-channel interface number.
    ve index
        Specifies a valid virtual ethernet interface number.
destination
    Specifies the physical interface or port-channel to use as the destination for mirroring.
    ethernet
        Specifies a physical Ethernet interface.
        slot
            Specifies a valid slot number. For devices that do not support linecards, specify 0.
        port
            Specifies a valid port number.
    port-channel index
        Specifies a port-channel interface.

Modes

Global configuration mode

Usage Guidelines

ACL mirroring applies to extended-ACL rules that include the mirror keyword.

ACL mirroring is supported only for ACLs applied to incoming traffic.

Only one destination mirror port is supported per source port.

There are parsing priorities among the copy-sflow, log, and mirror keywords, as follows:
  • Although in a standard-ACL rule you can include log and copy-sflow, only one of the two is processed, as follows:
    • In a permit rule, the order of precedence is copy-sflow > log.
    • In a deny or hard-drop rule, the order of precedence is log > copy-sflow.
  • Although in an extended-ACL rule you can include log, mirror, and copy-sflow, only one of the three is processed, as follows:
    • In a permit rule, the order of precedence is mirror > copy-sflow > log.
    • In a deny or hard-drop rule, the order of precedence is log > copy-sflow > mirror.

Only one destination port is supported per device.

To cancel an ACL mirroring destination, use the no form of this command.

Examples

The following example defines a physical port as the source port for mirroring.

device# config term
device(config)# acl-mirror source ethernet 0/1 destination ethernet 0/2

The following example defines a port-channel as the destination for mirroring.

device# configure
device(config)# acl-mirror source ethernet 0/1 destination port-channel 2

The following example defines a Virtual Ethernet port as the source for mirroring.

device# config term
device(config)# acl-mirror source ve 99 destination port-channel 2

The following example displays the running-config output for acl-mirror.

device# show running-config acl-mirror
acl-mirror source port-channel 10 destination ethernet 0/9
acl-mirror source ve 10 destination ethernet 0/9
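
The limits and keyword precedence listed under Usage Guidelines decide whether traffic you expect to be mirrored actually reaches the monitoring port, so they are worth checking against saved configuration. The following Python script is an added example, not part of the vendor documentation: the function names and sample lines are constructed, and it assumes interface identifiers appear exactly as in the Syntax section.

```python
import re

# Interface forms taken from the Syntax section; ve is valid only as a source.
IFACE = r"(ethernet \d+/\d+|port-channel \d+|ve \d+)"
LINE = re.compile(rf"^acl-mirror source {IFACE} destination {IFACE}$")

# Precedence from Usage Guidelines: (ACL type, rule class) -> keyword order.
PRECEDENCE = {
    ("standard", "permit"): ["copy-sflow", "log"],
    ("standard", "deny"): ["log", "copy-sflow"],
    ("extended", "permit"): ["mirror", "copy-sflow", "log"],
    ("extended", "deny"): ["log", "copy-sflow", "mirror"],
}

def processed_keyword(acl_type, action, keywords):
    """Return the single keyword the device processes for a rule, or None."""
    rule_class = "permit" if action == "permit" else "deny"  # deny and hard-drop share an order
    for kw in PRECEDENCE[(acl_type, rule_class)]:
        if kw in keywords:
            return kw
    return None

def audit_mirrors(config_lines):
    """Check acl-mirror lines against the documented limits; return findings."""
    findings, by_source, destinations = [], {}, set()
    for line in (" ".join(raw.split()) for raw in config_lines):
        if not line.startswith("acl-mirror"):
            continue
        m = LINE.match(line)
        if not m:
            findings.append(f"unparsed: {line}")
            continue
        src, dst = m.groups()
        if dst.startswith("ve "):
            findings.append(f"ve is not a valid destination: {line}")
            continue
        if by_source.setdefault(src, dst) != dst:
            findings.append(f"{src} has more than one destination")
        destinations.add(dst)
    if len(destinations) > 1:
        findings.append(f"more than one destination on device: {sorted(destinations)}")
    return findings

# Constructed sample input, in the format of 'show running-config acl-mirror'.
SAMPLE = [
    "acl-mirror source port-channel 10 destination ethernet 0/9",
    "acl-mirror source ve 10 destination ethernet 0/9",
    "acl-mirror source ethernet 0/1 destination port-channel 2",
]
```

Calling `audit_mirrors(SAMPLE)` reports the second destination, and `processed_keyword("extended", "deny", {"log", "mirror"})` shows that a deny rule carrying both keywords is logged but not mirrored.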