acl
To configure ACL-based traffic mirroring, use the acl command in monitor session configuration mode. To stop ACL-based traffic mirroring, use the no form of this command.
acl
Syntax Description
This command has no keywords or arguments.
Command Default
No default behavior or values
Command Modes
Monitor session configuration
Command History
Release |
Modification |
---|---|
Release 7.0.12 |
This command was introduced. |
Usage Guidelines
If you use the acl command, traffic is mirrored according to the definition of the global interface access list (ACL) defined in one of the following commands: ipv4 access-list , ipv6 access-list , ethernet-services access-list .
Even when the acl command is configured on the source mirroring port, if the ACL configuration command does not use the capture keyword, no traffic gets mirrored.
If the ACL configuration uses the capture keyword, but the acl command is not configured on the source port, although traffic is mirrored, no access list configuration is applied.
Examples
This example shows how to configure ACL-based traffic mirroring on the interface:
RP/0/RP0/CPU0:router(config)# monitor-session tm_example
RP/0/RP0/CPU0:router(config)# ethernet-services access-list tm_filter
RP/0/RP0/CPU0:router(config-es-acl)# 10 deny 0000.1234.5678 0000.abcd.abcd any capture
RP/0/RP0/CPU0:router(config-es-acl)# exit
RP/0/RP0/CPU0:router(config)# interface HundredGigabitEthernet0/2/0/0
RP/0/RP0/CPU0:router(config-if)# monitor-session tm_example direction rx-only
RP/0/RP0/CPU0:router(config-if)# acl
RP/0/RP0/CPU0:router(config-if-l2)# exit
RP/0/RP0/CPU0:router(config-if)# ethernet-services access-group tm_filter ingress
RP/0/RP0/CPU0:router(config-if)# end