[f-nsp] Outbound ACL Mirroring
Brad Fleming
bdflemin at gmail.com
Mon Nov 15 23:35:07 EST 2010
Is it possible to mirror outbound / egress packets via ACL on an XMR
with 5.1.00b?

I'm guessing not since I see no outbound ACL reference in the config
guide and some quick testing in the lab yields unfavorable results.
Thought I'd hit this mailing list in case I'm missing something simple.

For reference, this is not working:
!
interface ethernet 4/4
 ip access-group example_in in
 ip access-group example_out out
 acl-mirror-port ethernet 1/11
!
ip access-list extended example_in
 permit ip host 192.168.1.192 any mirror
 permit ip host 192.168.1.194 any mirror
 permit ip any any
!
ip access-list extended example_out
 permit ip any host 192.168.1.192 mirror
 permit ip any host 192.168.1.194 mirror
 permit ip any any
!
But there's traffic matching my mirror entries on the egress ACL:
telnet@name(config-if-e10000-4/4)#show acc account ethe 4/4 out
Outbound: ACL example
Collecting ACL accounting for 4/4 ... Completed successfully.
    2: permit ip any any
       Hit count: (1 sec) 1 (1 min) 30
                  (5 min) 156 (accum) 523
    0: permit ip any host 192.168.1.192 mirror
       Hit count: (1 sec) 0 (1 min) 22
                  (5 min) 110 (accum) 364
    1: permit ip any host 192.168.1.194 mirror
       Hit count: (1 sec) 0 (1 min) 0
                  (5 min) 0 (accum) 9
telnet@name(config-if-e10000-4/4)#
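
Added example, not part of the original post: a small Python parser for accounting output in the shape shown above. It lists the clauses ending in `mirror` with their accumulated hit counts, which is the check the post makes by eye. The function names are hypothetical and the sample text is constructed from the counters quoted in the post.

```python
import re

# Constructed sample: clause text and counters copied from the post.
SAMPLE = """\
Outbound: ACL example
    2: permit ip any any
       Hit count: (1 sec) 1 (1 min) 30
                  (5 min) 156 (accum) 523
    0: permit ip any host 192.168.1.192 mirror
       Hit count: (1 sec) 0 (1 min) 22
                  (5 min) 110 (accum) 364
    1: permit ip any host 192.168.1.194 mirror
       Hit count: (1 sec) 0 (1 min) 0
                  (5 min) 0 (accum) 9
"""

# A clause header looks like "<index>: <rule text>".
ENTRY = re.compile(r"^[ \t]*(\d+):[ \t]*(\S.*?)[ \t]*$", re.M)
# Counter labels may be split by a line wrap, so allow any whitespace inside.
COUNTER = re.compile(r"\(\s*(1\s+sec|1\s+min|5\s+min|accum)\s*\)\s+(\d+)")


def parse_accounting(text):
    """Return one dict per ACL clause: index, rule, mirror flag, counters."""
    heads = list(ENTRY.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        # Counters for a clause run up to the next clause header.
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        counters = {" ".join(k.split()): int(v) for k, v in COUNTER.findall(body)}
        rule = head.group(2)
        entries.append({
            "index": int(head.group(1)),
            "rule": rule,
            "mirror": rule.split()[-1] == "mirror",
            "counters": counters,
        })
    return entries


def mirror_hits(entries):
    """Clauses flagged 'mirror' that have matched traffic: (index, rule, accum)."""
    return [(e["index"], e["rule"], e["counters"].get("accum", 0))
            for e in entries if e["mirror"] and e["counters"].get("accum", 0) > 0]


if __name__ == "__main__":
    for index, rule, accum in mirror_hits(parse_accounting(SAMPLE)):
        print(f"clause {index}: {accum} accumulated hits -> {rule}")
```

A non-empty result means the mirror clauses are matching packets, so a missing copy on the mirror port is not explained by the ACL failing to match.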