Reference Guide

When a packet arrives at a monitored port, the packet is validated against the configured ACL rules. If the packet matches an ACL rule, the
system examines the corresponding flow processor and performs the action specified for that port. If the mirroring action is set in the flow
processor entry, the port details are sent to the destination port.
Flow-based mirroring
Flow-based mirroring is a mirroring session in which traffic that matches specified policies is mirrored to a destination port. Port-based
mirroring maintains a database that contains all monitoring sessions, including port monitor sessions. The database records which
sessions are enabled for flow-based monitoring and which are not. Flow-based mirroring is also known as policy-based mirroring.
To activate flow-based mirroring, use the flow-based enable command. Traffic belonging to particular flows traversing the
ingress interfaces is examined. The appropriate ACL rules apply in the ingress direction. By default, flow-based mirroring is not enabled.
To enable the evaluation and replication of traffic traversing to the destination port, configure the monitor option with the permit, deny,
or seq commands for ACLs assigned to the source or the monitored port (MD). Enter the keywords capture session session-id
with the seq, permit, or deny command for the ACL rules to allow or drop IPv4, IPv6, ARP, UDP, EtherType, ICMP, and TCP packets.
IPV4-ACL mode
seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte]]
[fragments] [threshold-in-msgs count] [capture session session-id]
If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, neither flow-based
monitoring nor port mirroring functions. Flow-based monitoring is supported only for ingress traffic.
The show monitor session session-id command displays output that indicates whether a particular session is enabled for
flow-monitoring.
View flow-based monitoring
OS10# show monitor session 1
S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason
----------------------------------------------------------------------------
1 ethernet1/1/1 ethernet1/1/4 both N/A N/A N/A N/A true Is UP
Traffic matching ACL rule
OS10# show ip access-lists in
Ingress IP access-list testflow
Active on interfaces :
ethernet1/1/1
seq 5 permit icmp any any capture session 1
seq 10 permit ip 102.1.1.0/24 any capture session 1
seq 15 deny udp any any capture session 2
seq 20 deny tcp any any capture session 3
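An added consistency check, not part of the OS10 guide: it parses the two show outputs above and lists ACL rules whose capture session has no enabled monitor session, since traffic matched by such a rule is never mirrored and the analyser on the destination port never sees it. The sample text is constructed from the page's examples, and the regular expressions assume the column layout shown there.

```python
import re

# Constructed sample output modelled on the page's show examples (not captured from a real switch).
MONITOR_SESSIONS = """\
S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason
----------------------------------------------------------------------------
1 ethernet1/1/1 ethernet1/1/4 both N/A N/A N/A N/A true Is UP
"""

ACL_OUTPUT = """\
Ingress IP access-list testflow
Active on interfaces :
ethernet1/1/1
seq 5 permit icmp any any capture session 1
seq 10 permit ip 102.1.1.0/24 any capture session 1
seq 15 deny udp any any capture session 2
seq 20 deny tcp any any capture session 3
"""

# Session row: id, source, destination, direction, four N/A-style columns, state, reason text.
SESSION_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\S+){4}\s+(true|false)\s+(.*)$")
# ACL rule that references a capture session: seq, action, protocol, ..., session id.
RULE_RE = re.compile(r"^seq\s+(\d+)\s+(permit|deny)\s+(\S+).*?capture session\s+(\d+)\s*$")


def parse_sessions(text):
    """Return {session_id: (source, destination, enabled)} from show monitor session output."""
    sessions = {}
    for line in text.splitlines():
        m = SESSION_RE.match(line.strip())
        if m:
            sessions[int(m.group(1))] = (m.group(2), m.group(3), m.group(5) == "true")
    return sessions


def parse_capture_rules(text):
    """Return [(seq, action, protocol, session_id)] for ACL rules that carry a capture session."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return rules


def dangling_captures(sessions_text, acl_text):
    """(seq, session_id) pairs whose capture session is absent or not enabled; nothing is mirrored for them."""
    sessions = parse_sessions(sessions_text)
    return [(seq, sid) for seq, _action, _proto, sid in parse_capture_rules(acl_text)
            if not sessions.get(sid, ("", "", False))[2]]
```

With the page's sample data, sessions 2 and 3 are referenced by the ACL but do not exist, so the UDP and TCP deny rules mirror nothing.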
Enable flow-based monitoring
Flow-based monitoring conserves bandwidth by mirroring only specified traffic, rather than all traffic on an interface. It is available for L2
and L3 ingress and egress traffic. Configure the traffic to be monitored using ACL filters.
1 Create a monitor session in MONITOR-SESSION mode.
monitor session session-number type local
2 Enable flow-based monitoring for the mirroring session in MONITOR-SESSION mode.
flow-based enable
Access Control Lists
603