HP ProCurve 9304M Installation And Configuration Manual page 166

Installation and Basic Configuration Guide
HP9300(config-trunk-4/1-4/8)# config-trunk-ind
HP9300(config-trunk-4/1-4/8)# monitor ethe-port-monitored 4/5 ethernet 2/1 in
Syntax: [no] config-trunk-ind
Syntax: [no] monitor ethe-port-monitored <portnum> | named-port-monitored <portname>
ethernet <portnum> in | out | both
The config-trunk-ind command enables configuration of individual ports in the trunk group. You need to enter
the config-trunk-ind command only once in a trunk group. After you enter the command, all applicable port
configuration commands apply to individual ports only.
NOTE: If you enter no config-trunk-ind, all port configuration commands are removed from the individual ports
and the configuration of the primary port is applied to all the ports. Also, once you enter the no config-trunk-ind
command, the enable, disable, and monitor commands are valid only on the primary port and apply to the entire
trunk group.
The monitor ethe-port-monitored command in this example enables monitoring of the inbound traffic on port
4/5.
• T he ethe-port-monitored <portnum> | named-port-monitored <portname> parameter specifies the trunk
port you want to monitor. Use ethe-port-monitored <portnum> to specify a port number. Use named-port-
monitored <portname> to specify a trunk port name.
• T he ethernet <portnum> parameter specifies the port to which the traffic analyzer is attached.
• T he in | out | both parameter specifies the traffic direction to be monitored.
Mirror Ports for Policy-Based Routing (PBR) Traffic
NOTE: This feature applies to hardware-based PBR, which is currently supported only on EP and on 10 Gigabit
Ethernet modules.
Software release 07.6.04 and later allows you to mirror traffic on ports that have policy-based routing (PBR)
enabled. This feature is useful for monitoring traffic, debugging, and enabling application-specific mirroring.
The PBR mirror interface feature allows continued hardware forwarding and, at the same time, enables you to
determine exactly which traffic flows get routed using the policies defined by PBR.
The following section provides a general overview of hardware-based PBR. For more specific information about
hardware based PBR, see the chapter "EP Hardware-Based IP Access Control Lists (ACLs)" in the Advanced
Configuration and Management Guide .
About Hardware-Based PBR
Hardware-based Policy-Based Routing (PBR) routes traffic in hardware based on policies you define. A PBR
policy specifies the next hop for traffic that matches the policy. A PBR policy also can use an ACL to perform QoS
mapping and marking for traffic that matches the policy.
To configure PBR, you define the policies using IP ACLs and route maps, then enable PBR globally or on
individual interfaces. The device programs the ACLs into the Layer 4 CAM on the interfaces and routes traffic that
matches the ACLs according to the instructions in the route maps. You also can map and mark the traffic's QoS
information using the QoS options of the ACLs.
Configuring Mirror Ports for PBR Traffic
When you configure a physical or virtual port to act as a mirror port for PBR traffic, outgoing packets that match
the permit Access Control List (ACL) clause in the route map are copied to the mirror port(s) that you specify. You
can specify up to four mirror ports for each PBR route map instance.
For example, to capture all traffic forwarded to an SSL port and mirror it to port 5, enter commands such as the
following:
HP9300(config)# route-map ssl-pbr-map permit 1
HP9300(config-routemap ssl-pbr-map)# match ip address 100
6 - 54