Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6000

631

632

633

634

635

636

637

638

639

640

Extended Ingress IP access list testflow on TenGigabitEthernet 1/1

Total cam count 4

seq 5 permit icmp any any 53 monitor 53 count bytes (0 packets 0 bytes)

seq 10 permit ip 102.1.1.0/24 any monitor 53 count bytes (0 packets 0 bytes)

seq 15 deny udp any any count bytes (0 packets 0 bytes)

seq 20 deny tcp any any count bytes (0 packets 0 bytes)

DellEMC(conf)#do show monitor session 0

SessionID Source Destination Direction Mode Type Source IP Dest IP DSCP TTL

Drop Rate Gre-Protocol FcMonitor

--------- ------ ----------- --------- ---- ---- --------- -------- ---- ---

---- ---- ----------- ---------

0 Te 1/1 Te 1/2 rx interface Flow-based 0.0.0.0 0.0.0.0 0 0

No N/A N/A yes

The following is sample configuration for flow-based mirroring with ACLs applied to monitor sessions.

monitor session 16383 type erpm

ip access-group acl3

source Port-channel 10 direction rx

erpm source-ip 20.20.20.1 dest-ip 8.1.1.2 gre-protocol 65535

flow-based enable

no disable

DellEMC#show run acl

ip access-list extended acl2

seq 10 permit tcp any 2.1.1.0/24 lt 140 count bytes monitor

ip access-list extended acl3

seq 15 permit udp 4.1.1.0/24 any neq 150 count bytes monitor

ip access-list extended acl4

seq 20 permit ip any any count bytes monitor

DellEMC(conf)#do show ip access-lists in

Extended Ingress IP access list acl3

seq 15 permit udp 4.1.1.0/24 any neq 150 monitor count bytes (6400 bytes)

DellEMC(conf)#

DellEMC(conf)#do show ip accounting access-list

Extended Ingress IP mirror access list acl3 on TenGigabitEthernet 1/1

Total cam count 16

seq 15 permit udp 4.1.1.0/24 any neq 150 monitor count bytes (6400 bytes)

Configuring IPv6 Flow-Based Mirroring

This section describes how to configure IPv6 flow-based mirroring in the monitor session.

You can configure IPv6 flow-based mirroring under monitor session. The IPv6 flow-based mirroring is supported in SPAN, RSPAN,

and ERSPAN monitor sessions. By default, all mirror ACLs is considered as implicit permit. . The Dell EMC Networking OS creates a new

dedicated CAM region ipv6mirracl for IPv6 mirror ACL, which does not have any impact on IPv6 user ACL. The IPv6 mirror ACL

region priority is less than IPv6 user ACL region, so that the traffic matching the user ACL takes priority in permit/deny action. Both IPv4

and IPv6 mirror ACLs can co-exist in a monitor session.

Pre-requisite

• Allocate a CAM region using the following command.

cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number

ipmacacl number vman-qos number [ipv6mirracl number]

NOTE:

If you configure IPv6 mirroring without configuring ipv6mirracl CAM region, following error message appears.

% Error: IPv6 Mirror-Access-list not supported on this CAM profile. Please remove the ipv6

access-group.

Port Monitoring 631