Dell Networking OS9: How to Set a Port Monitoring session source to a VLAN interface
Summary: Steps needed to set up a VLAN as Source for port monitoring on Dell Networking switches running OS9.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Overview
When using a VLAN as the source for port monitoring, you have to configure flow-based monitoring to pass traffic to the destination port. Using a VLAN interface as the source port in a port monitor session is allowed, but will not receive any packets to the destination port. Flow-base monitoring allows the selection of the traffic to monitor on the VLAN interface. This occurs using an Access Control List (ACL) that you create and then apply to the source.
Commands Used to Set Up
On the port monitoring configuration, enter the flow-based enable command.
| Commands | Parameters |
Dell# configure |
Enter configuration mode. |
Dell(config)#monitor session 33 |
Start monitor session and label with session ID range <0-65535> |
Dell(conf-mon-sess-33)#flow-based enable |
Turn on flow based monitoring |
Dell(conf-mon-sess-33)#source vlan 10 destination te 0/20 direction rx |
Set the source port as VLAN 10 and destination port. Destination can be set for RX, TX, or Both. |
Create the ACL that controls what traffic is monitored on the source VLAN. This example ACL can be modified to meet the needs of your particular situation.
| Commands | Parameters |
Dell# configure |
Enter configuration mode. |
Dell(conf)#ip access-list ext testflow |
Start the extended ACL and name it "testflow" |
Dell(config-ext-nacl)#seq 10 permit ip 10.1.1.0/24 any monitor 33 |
Statement allowing network IP range for monitor session 33 |
Dell(config-ext-nacl)#seq 15 permit ip any any monitor 33 |
Statement allowing IP for monitor session 33 |
Dell(config-ext-nacl)#seq 20 permit tcp any any monitor 33 |
Statement allowing TCP for monitor session 33 |
Important: You must include the word monitor <#> in every ACL configuration line that you want to be filtered to the destination port. Without "monitor" and the specific monitor session ID #, no traffic is sent to the destination port.
Apply the ACL to the Source VLAN interface.
| Command | Parameters |
Dell# configure |
Enter configuration mode. |
Dell(conf)#interface vlan 10 |
Enter the VLAN interface. |
Dell(conf-if-vl-10)#ip access-group testflow in |
Apply the "testflow" ACL to the interface. |
Commands Used to Verify
Verify the configuration on the VLAN Interface:
Dell# show run interface vlan 10
no ip address
ip access-group testflow in
no shutdown
Verify the access list:
Dell#show ip access-lists interface vlan 10 in
Extended Ingress IP access list testflow
seq 5 permit icmp any any monitor count bytes (0 bytes)
seq 10 permit ip 102.1.1.0/24 any monitor count bytes (0 bytes)
seq 15 deny udp any any count bytes (0 bytes)
seq 20 deny tcp any any count bytes (0 bytes)
Verify the monitor session details:
Dell# show monitor session 33
SessID Source Destination Dir Mode Source IP Dest IP DSCP TTL Drop Rate
------ ------ ----------- --- ---- --------- -------- ---- --- ---- ----
33 Vl 10 Te 0/20 rx Flow N/A N/A N/A N/A No N/A
Affected Products
PowerSwitch S3048-ON, PowerSwitch S4048-ON, PowerSwitch S4810P, PowerSwitch S4810-ON, PowerSwitch S4820T, PowerSwitch S5000, PowerSwitch S6000, PowerSwitch S6000 ON, Force10 Z9000, Dell Networking Z9500, PowerSwitch S4048T-ON, PowerSwitch S5048F-ON
, PowerSwitch S6010-ON, PowerSwitch Z9100-ON
...
Article Properties
Article Number: 000121863
Article Type: How To
Last Modified: 18 Apr 2026
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.