Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual



53-1003036-02

ACL-based inbound mirroring


The following considerations apply when configuring ACL-based mirroring with LAGs:

You must configure ACL-based mirroring for an individual member port from the LAG configuration
level. An attempt to configure ACL-based mirroring at the interface level for an individual member
port fails and displays the following message.

Error: please use config level to configure ACL based mirroring on port.

If an individual port is configured for ACL-based mirroring, you cannot add it to a LAG. To add
it to a LAG, you must first remove the ACL-based mirroring configuration from the port. Once it is
in the LAG, it can be configured for either ACL-based LAG mirroring or for mirroring an
individual port within a LAG.
If you attempt to add a port that is configured for ACL-based mirroring to a LAG, the following
message is displayed.

ACL port is configured on port 2/1, please remove it and try again.

transaction failed: Config Vetoed

When a LAG with ACL-based mirroring configured on it is deleted or not deployed, the
ACL-based mirroring configuration is removed from each of the individual ports that made up
the LAG, including the primary port.

Configuring ACL-based mirroring for ACLs bound to virtual interfaces

For configurations that have an ACL bound to a virtual interface, you must configure the
acl-mirror-port command on a port for each PPCR that is a member of the virtual interface. For
example, in the following configuration, ports 4/1 and 4/2 share the same PPCR, while port 4/3
uses another PPCR.

Brocade(config)# vlan 10
Brocade(config-vlan-10)# tagged ethernet 4/1 to 4/3
Brocade(config-vlan-10)# router-interface ve 10
Brocade(config)# interface ethernet 4/1
Brocade(config-if-e10000-4/1)# acl-mirror-port ethernet 5/1
Brocade(config)# interface ve 10
Brocade(config-vif-10)# ip address 10.10.10.254/24
Brocade(config-vif-10)# ip access-group 102 in
Brocade(config)# access-list 102 permit ip any any mirror

In this configuration, the acl-mirror-port command is configured on port 4/1, which is a member of
ve 10. Because of this, ACL-based mirroring applies to VLAN 10 traffic that arrives on ports 4/1
and 4/2. It does not apply to VLAN 10 traffic that arrives on port 4/3, because that port uses a
different PPCR than ports 4/1 and 4/2. To make the configuration apply ACL-based mirroring to
VLAN 10 traffic arriving on port 4/3, you must add the following commands to the configuration.

Brocade(config)# interface ethernet 4/3
Brocade(config-if-e10000-4/3)# acl-mirror-port ethernet 5/1
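
The per-PPCR rule above means a ve can silently have member ports whose traffic never reaches the monitor port. The following added example (not part of the Brocade guide) audits a configuration for such gaps; the port-to-PPCR map and its labels "A" and "B" are assumptions that the operator must supply for the installed module, and the sample configuration is constructed from the ve 10 example with prompts stripped.

```python
import re

# Constructed sample: the ve 10 example above, CLI prompts stripped.
CONFIG = """\
vlan 10
 tagged ethernet 4/1 to 4/3
 router-interface ve 10
interface ethernet 4/1
 acl-mirror-port ethernet 5/1
"""

# Assumption: operator-supplied port-to-PPCR map; "A"/"B" are placeholder
# labels, not device output. The page only says 4/1 and 4/2 share a PPCR.
PPCR_OF = {"4/1": "A", "4/2": "A", "4/3": "B"}


def expand(first, last):
    """Expand 'slot/port [to slot/port]' into a port list (single slot)."""
    slot, lo = first.split("/")
    hi = (last or first).split("/")[1]
    return [f"{slot}/{p}" for p in range(int(lo), int(hi) + 1)]


def parse(config):
    """Return ({ve: [member ports]}, {port: mirror port}) from config text."""
    ve_ports, mirror, vlan_ports, iface = {}, {}, [], None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("vlan "):
            vlan_ports, iface = [], None  # new VLAN context, fresh port list
        elif m := re.match(r"(?:un)?tagged ethernet (\S+)(?: to (\S+))?$", line):
            vlan_ports += expand(m[1], m[2])
        elif m := re.match(r"router-interface ve (\d+)$", line):
            ve_ports[int(m[1])] = vlan_ports  # shared list: later ports count
        elif m := re.match(r"interface ethernet (\S+)$", line):
            iface = m[1]
        elif (m := re.match(r"acl-mirror-port ethernet (\S+)$", line)) and iface:
            mirror[iface] = m[1]
    return ve_ports, mirror


def unmirrored_ports(config, ve, ppcr_of):
    """Member ports of `ve` on a PPCR where no member has acl-mirror-port."""
    ve_ports, mirror = parse(config)
    covered = {ppcr_of[p] for p in ve_ports[ve] if p in mirror}
    return [p for p in ve_ports[ve] if ppcr_of[p] not in covered]
```

Calling unmirrored_ports(CONFIG, 10, PPCR_OF) reports port 4/3 for the original configuration and nothing once acl-mirror-port is also configured on 4/3.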

If the ve contains LAG ports, configuring the acl-mirror-port command on an individual LAG port
also applies to other LAG ports that are in the same PPCR. For example, in the following configuration,
the acl-mirror-port command is configured for LAG port 10/2, which is a member of ve.
