Reference Guide

ManualsBrandsDell ManualsserversDell Force10 E600i

761

762

763

764

765

766

767

768

769

770

Port Monitoring | 769

Figure 41-3. Port Monitoring Example

Flow-based Monitoring

Flow-based Monitoring is supported only on platform e

Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead all traffic on the

interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2

and Layer 3 ingress and egress traffic. You may specify traffic using standard or extended access-lists.

To configure flow-based monitoring:

View an access-list that you applied to an interface using the command

show ip accounting access-list

from EXEC Privilege mode, as shown in the following example.

Step Task Command Syntax Command Mode

4 Enable flow-based monitoring for a monitoring session. flow-based enable MONITOR SESSION

5 Define in an access-list rules that include the keyword

monitor. FTOS only considers for port monitoring traffic

matching rules with the keyword monitor.

Refer to Chapter 10, IP Access Control Lists (ACL),

Prefix Lists, and Route-maps.

ip access-list CONFIGURATION

6 Apply the ACL to the monitored port. Refer to Chapter 10,

IP Access Control Lists (ACL), Prefix Lists, and

Route-maps.

ip access-group

access-list

INTERFACE

1/2

1/1

Host

Sniffer

Server

1/3

TOS(conf-if-gi-1/2)#show config

nterface GigabitEthernet 1/2

no ip address

no shutdown

TOS(conf)#monitor session 0

TOS(conf-mon-sess-0)#source gig 1/1 destination gig 1/2 direction rx

Server Traffic

Host Traffic

Port Monitoring 001