Create an Ingress Group for a 9920 Device

An ingress group is a set of ports, port channels, and tunnels on which monitored traffic is received.

Before you begin

If necessary, create the port channel to associate with the ingress group. For more information, see Create a Port Channel.

If necessary, create the ingress policy to associate with the ingress group. For more information, see Create an Ingress Policy for a Device.

If necessary, create a mirror for the outer tunnel. For more information, see Configure a Traffic Mirror for 9920 Devices.

About this task

Ingress groups classify and apply policies on monitored traffic. After you create an ingress group, the group can be associated with an ingress policy.

Procedure

  1. In the Navigation menu, select Configure.
  2. In the Devices panel, select the device you want to configure.
  3. Select the Configurations tab.
  4. In the Device Config menu, select Add Ingress Group.
  5. In the Name field, enter a name for the group.
  6. In the Ports/Port Channels field, select at least one port or port channel for the group.
  7. In the Tunnel Type field, select the type of tunnel for the incoming traffic: GRE, GTPU, VXLAN, NVGRE, or IPIP.
  8. In the Tunnel ID field, select or enter a value that represents the tunnel ID.
    This field is not applicable for GRE and IPIP tunnels.
  9. In the Advance Scope section, select one of the following actions to apply to the incoming traffic.
    • Decap to remove the outer tunnel headers from the packet
    • Scope Shift to move the ACL scope for matching from the outer headers to the inner headers of a tunneled packet
    • None to perform neither action
  10. In the Policy Name field, select the ingress policy to associate with the group.
  11. (Optional) If you selected a tunnel type in step 7, configure the inner tunnel.
    • Destination IP: The IPv4 or IPv6 address of the device that is to receive the packets.
    • Destination Mask: The mask or prefix length for the destination IP address.
    • Source IP: The IPv4 or IPv6 address of the device that sends the packets.
    • Source Mask: The mask or prefix length for the source IP address.
  12. (Optional) If you selected a tunnel type in step 7, configure the outer tunnel.

    The outer tunnel configuration supports IPv4 addresses only.

    • Outer Tunnel Type: The type of tunnel for the incoming traffic: VXLAN.
    • Outer Tunnel ID: A value that represents the tunnel ID.
    • Outer Destination IP: The IPv4 address of the device that is to receive the packets.
    • Outer Destination Mask: The mask for the destination IP address.
    • Outer Source IP: The IPv4 address of the device that sends the packets.
    • Outer Source Mask: The mask for the source IP address.
    • Mirror: The mirror you configured in Configure a Traffic Mirror for 9920 Devices.
  13. Save () your selections.
    The Configurations tab displays a graphical representation of the ingress group and its associated policies and egress groups (also known as a service chain).
9037155-00 Rev AA