OS10 Enterprise Edition User Guide Release 10.4.0E(R3)

PDF

Flow-based monitoring

Flow-based monitoring conserves bandwidth by inspecting only specified traffic instead of all interface traffic. Using flow-based monitoring, you can monitor only traffic received by the source port that matches criteria in ingress access-lists.

  1. Enable flow-based monitoring for a monitoring session in MONITOR-SESSION mode.
    flow-based enable
  2. Return to CONFIGURATION mode.
    exit
  3. Create an access list in CONFIGURATION mode.
    ip access-list 
                                           access-list-name
                                        
  4. Define access-list rules using seq, permit, and deny statements in CONFIG-ACL mode. The ACL rules describe the traffic you want to monitor. Flow monitoring is supported for IPv4 ACLs, IPv6 ACLs, and MAC ACLs.
    seq 
                                           sequence-number {deny | permit} {source [mask] | any | host 
                                           ip-address} [count [byte]] [fragments] [threshold-in-msgs 
                                           count] [capture session 
                                           session-id]
                                        
  5. Return to CONFIGURATION mode.
    exit
  6. Apply the flow-based monitoring ACL to the monitored source port in CONFIGURATION mode (up to 140 characters).
    ip access-group 
                                           access-list-name {in | out}
                                        

Enable flow-based monitoring

OS10(config)# monitor session 1
                                 OS10(conf-mon-local-1)# flow-based enable
                                 OS10(conf-mon-local-1)# exit
                                 OS10(config)# ip access-list ipacl1
                                 OS10(conf-ipv4-acl)# deny ip host 1.1.1.23 any capture session 1 count
                                 OS10(conf-ipv4-acl)# exit
                                 OS10(config)# mac access-list mac1
                                 OS10(conf-mac-acl)# deny any any capture session 1
                                 OS10(conf-mac-acl)# exit 
                                 OS10(config)# interface ethernet 1/1/9
                                 OS10(conf-if-eth1/1/9)# mac access-group mac1 in
                                 OS10(conf-if-eth1/1/9)# end
                                 OS10# show mac access-lists in
                                 Ingress MAC access-list mac1
                                 Active on interfaces :
                                 ethernet1/1/9
                                 seq 10 deny any any capture session 1 count (0 packets)
                              

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\