Riverstone Networks WICT1-12 User Manual


Riverstone Networks RS Switch Router User Guide Release 8.0 24-13

Access Control List Configuration

Using ACLs

Using Profile ACLs with the Port Mirroring Facility

Port mirroring refers to the RS’s ability to copy traffic on one or more ports to a “mirror” port, where an external
analyzer or probe can be attached. In addition to mirroring traffic on one or more ports, the RS can mirror traffic that
matches selection criteria defined in a Profile ACL.

For example, you can mirror all IGMP traffic on the RS. You use a Profile ACL to define the selection criteria (in this
example, all IGMP traffic). Then you use a port mirroring command to copy packets that match the selection
criteria to a specified mirror port. The following commands illustrate this example.

This command creates a Profile ACL called prof3 that uses as its selection criteria all IGMP traffic on the RS:

rs(config)# acl prof3 permit igmp

The following command causes packets matching Profile ACL prof3’s selection criteria (that is, all IGMP traffic) to
be copied to mirror port et.1.2.

rs(config)# port mirroring monitor-port et.1.2 target-profile prof3

See Section 27.1, "Configuring the RS for Port Mirroring," for more information on using the port mirroring command.

Using Profile ACLs with the Web Caching Facility

Web caching is the RS’s ability to direct HTTP requests for frequently accessed Web objects to local cache servers,
rather than to the Internet. Since the HTTP requests are handled locally, response time is faster than if the Web objects
were retrieved from the Internet.

You can use Profile ACLs with Web caching in two ways:

Specifying which HTTP traffic should always (or never) be redirected to the cache servers

Specifying characteristics of Web objects that should not be cached

You can use a Profile ACL to specify which HTTP traffic should always (or never) be redirected to the cache servers.
(By default, when Web caching is enabled, all HTTP traffic from all hosts is redirected to the cache servers unless you
specify otherwise.)

For example, you can specify that packets with a source address of 10.10.10.10 and a destination address of 1.2.3.4
always are sent to the Internet and never to the cache servers. The following commands illustrate this example.

This command creates a Profile ACL called prof4 that uses as its selection criteria all packets with a source address of
10.10.10.10 and a destination address of 1.2.3.4:

rs(config)# acl prof4 permit ip 10.10.10.10 1.2.3.4
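
Because a mirror port receives a copy of every packet its Profile ACL selects, it is worth reviewing which profiles are bound to mirror ports. The following Python script is an added example, not part of the Riverstone manual: it parses only the two command forms shown on this page, lists what each mirror session selects, and flags a target-profile that has no ACL definition. The function names, the sample configuration, port et.1.3 and profile prof9 are constructed for illustration.

```python
import re

# Constructed sample configuration; et.1.3 and prof9 are hypothetical.
SAMPLE_CONFIG = """\
acl prof3 permit igmp
acl prof4 permit ip 10.10.10.10 1.2.3.4
port mirroring monitor-port et.1.2 target-profile prof3
port mirroring monitor-port et.1.3 target-profile prof9
"""

# Only the command forms that appear on this page are recognized.
ACL_RE = re.compile(r"^acl\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
MIRROR_RE = re.compile(r"^port mirroring\s+monitor-port\s+(\S+)\s+target-profile\s+(\S+)$")

def parse_config(text):
    """Return (acls, mirrors) parsed from RS configuration text."""
    acls, mirrors = {}, []
    for raw in text.splitlines():
        # Drop an optional CLI prompt such as "rs(config)#".
        line = re.sub(r"^\S*\(config\)#\s*", "", raw.strip())
        m = ACL_RE.match(line)
        if m:
            name, action, proto, rest = m.groups()
            acls.setdefault(name, []).append(
                {"action": action, "protocol": proto,
                 "criteria": (rest or "").split()})
            continue
        m = MIRROR_RE.match(line)
        if m:
            mirrors.append({"monitor_port": m.group(1), "profile": m.group(2)})
    return acls, mirrors

def audit_mirrors(text):
    """Describe every mirror session; flag profiles with no ACL definition."""
    acls, mirrors = parse_config(text)
    report = []
    for s in mirrors:
        rules = acls.get(s["profile"])
        report.append({
            "monitor_port": s["monitor_port"],
            "profile": s["profile"],
            "status": "ok" if rules else "undefined-profile",
            "selects": [" ".join([r["protocol"], *r["criteria"]])
                        for r in rules or []],
        })
    return report

if __name__ == "__main__":
    for entry in audit_mirrors(SAMPLE_CONFIG):
        print(entry)
```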
