4 vlan-acl troubleshooting, 5 introduction to mirror, Vlan-acl – PLANET XGS3-24040 User Manual



Chapter 55 VLAN-ACL Configuration


3) Configure the extended IP ACL vacl_b, which at any time only allows access to resources within the internal network (such as 192.168.1.255).

Switch(config)#ip access-list extended vacl_b
Switch(config-ip-ext-nacl-vacl_b)# permit ip any-source 192.168.1.0 0.0.0.255
Switch(config-ip-ext-nacl-vacl_b)# deny ip any-source any-destination

4) Apply the configuration to the VLANs.

Switch(config)#vacl ip access-group vacl_a in vlan 1
Switch(config)#vacl ip access-group vacl_b in vlan 2

55.4 VLAN-ACL Troubleshooting

When a VLAN ACL and a Port ACL are configured at the same time, the "deny first" principle applies: when a packet matches both the VLAN ACL and the Port ACL, the final action is drop as long as either matching rule is drop.

Only one ACL of each type can be applied to a VLAN; for example, each VLAN can have only one basic IP ACL applied.
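The following is an added example, not code from the PLANET manual: a small Python model of the extended IP ACL vacl_b from step 3, its binding to VLAN 2 from step 4, and the "deny first" combination with a Port ACL described in 55.4. The Port ACL (PORT_ACL_DEMO), the sample packets, and the function names are constructed for the demonstration; the implicit deny for unmatched packets is an assumption, since the page's own ACL ends with an explicit deny rule.

```python
# Added example (not from the PLANET manual): a model of the extended IP ACL
# vacl_b from step 3 and of the "deny first" rule in 55.4, so the combined
# effect of a VLAN ACL and a Port ACL can be checked offline.
from ipaddress import IPv4Address, IPv4Network


def wildcard_to_network(addr, wildcard):
    """Convert 'addr wildcard' (e.g. 192.168.1.0 0.0.0.255) to an IPv4Network.

    Only contiguous wildcard masks are modelled here (assumption)."""
    w = int(IPv4Address(wildcard))
    host_bits = w.bit_length()
    if w != (1 << host_bits) - 1:
        raise ValueError("non-contiguous wildcard not supported in this model")
    return IPv4Network((int(IPv4Address(addr)) & ~w, 32 - host_bits))


def parse_rule(line):
    """Parse one 'permit|deny ip <src> <dst>' line in the manual's syntax."""
    toks = line.split()
    action, proto = toks[0], toks[1]
    pos = 2
    nets = []
    for keyword in ("any-source", "any-destination"):
        if toks[pos] == keyword:
            nets.append(None)          # None = match any address
            pos += 1
        else:
            nets.append(wildcard_to_network(toks[pos], toks[pos + 1]))
            pos += 2
    return action, proto, nets[0], nets[1]


def acl_action(rules, src_ip, dst_ip):
    """First matching rule wins; an unmatched packet is denied (assumption:
    implicit deny, matching the explicit final deny in the page's example)."""
    src, dst = IPv4Address(src_ip), IPv4Address(dst_ip)
    for action, _proto, src_net, dst_net in rules:
        if (src_net is None or src in src_net) and (dst_net is None or dst in dst_net):
            return action
    return "deny"


def final_action(vlan_acl_action, port_acl_action):
    """55.4: when a packet matches both a VLAN ACL and a Port ACL, drop wins."""
    if "deny" in (vlan_acl_action, port_acl_action):
        return "deny"
    return "permit"


# Rules of vacl_b exactly as configured on the page.
VACL_B = [parse_rule(line) for line in (
    "permit ip any-source 192.168.1.0 0.0.0.255",
    "deny ip any-source any-destination",
)]

# Constructed Port ACL for the demo (hypothetical, not on the page): drop one host.
PORT_ACL_DEMO = [parse_rule(line) for line in (
    "deny ip 192.168.2.7 0.0.0.0 any-destination",
    "permit ip any-source any-destination",
)]

# 'vacl ip access-group vacl_b in vlan 2' from step 4.
VLAN_ACLS = {2: VACL_B}


def check_packet(vlan, port_acl, src_ip, dst_ip):
    """Return the switch's final verdict for an ingress packet on `vlan`."""
    vlan_verdict = acl_action(VLAN_ACLS[vlan], src_ip, dst_ip)
    port_verdict = acl_action(port_acl, src_ip, dst_ip) if port_acl else "permit"
    return final_action(vlan_verdict, port_verdict)


if __name__ == "__main__":
    for src, dst in [("192.168.2.5", "192.168.1.20"),   # stays internal: permitted
                     ("192.168.2.5", "203.0.113.9"),    # leaves the internal net: denied
                     ("192.168.2.7", "192.168.1.20")]:  # VLAN ACL permits, Port ACL drops
        print(src, "->", dst, check_packet(2, PORT_ACL_DEMO, src, dst))
```

The third sample packet is the case 55.4 warns about: the VLAN ACL alone would permit it, but because the Port ACL drops it the switch's final action is drop, so when traffic is unexpectedly dropped both ACL types on the ingress port and VLAN need to be checked.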

55.5 Introduction to Mirror

Mirror functions include the port mirror function, the CPU mirror function and the flow mirror function.

Port mirror refers to the duplication of data frames sent/received on one port to another port. The duplicated port is referred to as the mirror source port and the duplicating port is referred to as the mirror destination port. A protocol analyzer (such as Sniffer) or an RMON monitor is connected to the mirror destination port to monitor and manage the network and to diagnose problems in the network.

The CPU mirror function means that the switch copies exactly the data frames received or sent by the CPU to a port. The flow mirror function means that the switch copies exactly the data frames received on a port that match the specified rule to another port. Flow mirror takes effect only when the specified rule is permit.

A chassis switch supports at most 4 mirror destination ports, and each board card allows one source or destination port of a mirror session. At present, each box switch can set multiple mirror sessions. For 5950 series box switches, multiple mirror sessions are not supported by XGS3-24040-52T/XGS3-24040-52T-L. There is no limitation on mirror source ports: one port or several ports are allowed. When there is more than one source port, they can be in the same VLAN or in different VLANs. The source port and destination port can be in different VLANs.

A box switch can't use the CPU's rx mirror and a port's tx mirror at the same time.
