How to Set VLAN Interface as Source for Port Monitoring on Dell Networking Force10 Switches


How to Set VLAN Interface as Source for Port Monitoring on Dell Networking Force10 Switches


This article discusses the steps needed to set up a VLAN as Source for port monitoring.


Overview

When using VLAN as the source on port monitoring you will have to configure flow-base monitoring to pass traffic to the destination port. You are allowed to use a VLAN interface as the source port in a regular port monitor setup. But, you will not receive any packets to the destination port. Flow-base monitor will allow you to select what traffic you want to monitor on the VLAN interface via an ACL that you create and then apply to the source.
Firmware 9.4 added support for flow-based monitoring on the S4810, S4820T, S6000, and Z9000 platforms



Commands Used to Set Up

On the port monitoring configure enter flow-base enable.
Commands Parameters
Dell# configure Enter configuration mode.
Dell(config)#monitor session 33 Start monitor session and label with session ID range <0-65535>
Dell(conf-mon-sess-33)#flow-based enable Turn on flow based monitoring
Dell(conf-mon-sess-33)#source vlan 10 destination te 0/20 direction rx Set the source port as VLAN 10 and destination port. Destination can be set for RX, TX, or Both

Create the ACL that controls what traffic is monitored on the source VLAN. This is just an example and the ACL can be modified to meet the needs of your particular situation.
Commands Parameters
Dell# configure Enter configuration mode.
Dell(conf)#ip access-list ext testflow Start the extended ACL and name it "testflow"
Dell(config-ext-nacl)#seq 10 permit ip 10.1.1.0/24 any monitor 33 Statement allowing network IP range for monitor session 33
Dell(config-ext-nacl)#seq 15 permit ip any any monitor 33 Statement allowing IP for monitor session 33
Dell(config-ext-nacl)#seq 20 permit tcp any any monitor 33 Statement allowing TCP for monitor session 33

Important: You must include the word monitor <#> in every ACL configuration line that you want to be filtered to the destination port. If "monitor" and the specific monitor session ID # is left out no traffic will be sent to the destination port.


Apply the ACL to the Source VLAN interface.

Command Parameters
Dell# configure Enter configuration mode.
Dell(conf)#interface vlan 10 Enter the VLAN interface.
Dell(conf-if-vl-10)#ip access-group testflow in Apply the "testflow" ACL you created to the interface.
Click Here If you have further questions about Port Monitoring / Mirroring on Dell Networking Force10 Switches. You will be redirected to another article discussing the process of configuring Port Monitoring.



Command Used to Verify


Verify the configuration on the VLAN Interface:

Dell# show run interface vlan 10
no ip address
ip access-group testflow in
no shutdown

Verify the access list:

Dell#show ip access-lists interface vlan 10 in
Extended Ingress IP access list testflow
seq 5 permit icmp any any monitor count bytes (0 bytes)
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 bytes)
seq 15 deny udp any any count bytes (0 bytes)
seq 20 deny tcp any any count bytes (0 bytes)

Verify the monitor session details:

Dell# show monitor session 33
SessID Source Destination Dir Mode Source IP Dest IP DSCP TTL Drop Rate
------ ------ ----------- --- ---- --------- -------- ---- --- ---- ---
33 Vl 10 Te 0/20 rx Flow N/A N/A N/A N/A No N/A







Article ID: HOW12276

Last Date Modified: 09/14/2019 01:42 AM

Rate this article

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\
characters left.