Unsolved
This post is more than 5 years old
8 Posts
0
88252
November 1st, 2013 15:00
Powerconnect 6248 flow-based port mirroring
Can someone provide an example of flow-based port mirroring based on L2 or L3 address?
thanks
David
davidkwang
November 4th, 2013 09:00
The goal is to mirror traffic between different network sections (LAN, DMZ, WAN) to an IPS/IDS sensor. I'd like to use simple port mirroring, but the PowerConnect 6248 only supports a single port mirror session; although it can mirror from multiple source ports to a single destination port, I risk the chance of packet loss due to overflow. So my only choice with the 6248 is flow-based mirroring, mirroring the traffic based on the MAC/IP address of the firewall and the various networks. Does it sound like the correct approach?
I have tried these steps from the admin guide but I am not seeing any traffic mirrored. And it's unclear to me if the QoS policy needs to be applied to the switch ports or just to the flow-based mirroring configuration?
thanks
David
davidkwang
November 4th, 2013 15:00
I can only post the related config contents. I have also tried matching by IP (192.168.1.0 255.255.255.0) and VLAN ID.
class-map match-all SourceMacAddress ipv4
match source-address mac AABB.CCDD.EEFF 0000.0000.0000
exit
policy-map FlowMirrorPolicy1 in
class SourceMacAddress
mirror 2/g47
exit
interface ethernet 2/g47
spanning-tree disable
mtu 9216
exit
davidkwang
November 5th, 2013 10:00
Yes, diffserv is enabled:
Switch#show diffserv
DiffServ Admin Mode............................ Enable
Class Table Size Current/Max................... 1 / 32
Class Rule Table Size Current/Max.............. 1 / 192
Policy Table Size Current/Max.................. 1 / 64
Policy Instance Table Size Current/Max......... 1 / 768
Policy Attribute Table Size Current/Max........ 1 / 2304
Service Table Size Current/Max................. 0 / 672
davidkwang
November 5th, 2013 10:00
Switch#show diffserv service interface ethernet 2/g47 in
DiffServ Admin Mode............................ Enable
Interface......................................
Direction...................................... In
No policy is attached to this interface in this direction.
I used a Dell D430 laptop running Wireshark to capture traffic. I could capture traffic on the same port with standard port mirror configuration but not with the flow-based mirror.
davidkwang
November 5th, 2013 11:00
But logically the destination port 2/g47 should not have any policy attached; otherwise all ports on the switch would need the policy attached in order for this to work. And that would limit the flow-based mirroring to a single policy as well, unless we can attach multiple policies to a single interface.
The monitor command does not allow a policy name as source.
Is it possible for you to duplicate the setup in your environment to verify that flow-based mirroring actually works on the PowerConnect 62xx series?
thanks
David
davidkwang
November 10th, 2013 21:00
Enabling service-policy on the interfaces worked. However, I am only allowed to create one destination port. Here's what I have tried:
Single policy with multiple class-map statements
1. Each class-map contains different match statements (i.e. network id, vlan, etc)
2. Only one mirror statement is allowed in the policy. The command line rejects any additional mirror statement.
Multiple policies, each policy contains a single class-map statement
1. Each policy-map contains distinct mirror statement (i.e. unique destination port)
2. Only one policy is allowed to be applied to the switch ports. For example, if I applied policyOne on switch port 1/g1, applying policyTwo on switch port 1/g2 is rejected.
I think it's just a limitation of the switch, although it's not clearly stated in the documentation.
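Pulling the thread together, the configuration below is an added example (not copied from the original posts or from Dell's documentation) of the arrangement the last post reports as working: one class-map keyed on the firewall's MAC address, one policy-map carrying the single permitted mirror statement, and the policy attached with service-policy on the source ports that carry the traffic, not on the mirror destination 2/g47. The interface names 1/g1 and 1/g2 as the LAN- and DMZ-facing ports, the `service-policy in` command syntax, and the `!` comment lines (strip them before pasting) are assumptions; the MAC, the destination port, and the diffserv/show commands are taken from the thread.

```text
! Flow-based mirroring on a PowerConnect 6248: added example, syntax assumed from the thread
configure
diffserv
!
! Class: frames whose source MAC is the firewall (mask 0000.0000.0000 = exact match)
class-map match-all FirewallSrcMac ipv4
match source-address mac AABB.CCDD.EEFF 0000.0000.0000
exit
!
! Policy: ingress, exactly one mirror target allowed per policy on this switch
policy-map FlowMirrorPolicy1 in
class FirewallSrcMac
mirror 2/g47
exit
exit
!
! Mirror destination: no service-policy here, just the sensor-facing settings
interface ethernet 2/g47
spanning-tree disable
mtu 9216
exit
!
! Source ports: the policy must be attached on every port whose traffic should be mirrored.
! Only one policy per port is accepted, and the same policy is used on all of them.
interface ethernet 1/g1
service-policy in FlowMirrorPolicy1
exit
interface ethernet 1/g2
service-policy in FlowMirrorPolicy1
exit
exit
!
! Verify the attachment on a source port (should name FlowMirrorPolicy1, not
! "No policy is attached to this interface in this direction.")
show diffserv service interface ethernet 1/g1 in
```

Two practical checks follow from the thread: the `show diffserv` counters only move once a policy is actually bound to an interface (Service Table Size 0 / 672 in the posts above is the tell-tale of a policy that exists but is attached nowhere), and because the single mirror statement sends everything to one destination, the sensor port still needs enough headroom for the combined matched traffic from all source ports.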