Configuring Ipfix With Acl's On The Ers 8600 - Avaya 4500 Technical Configuration Manual

Configuring IPFIX with ACL's on the ERS 8600

3.2
In configuration example 3.1, port 7/26 was setup to capture all traffic via IPFIX. In this
configuration example, we will setup IPFIX to only capture traffic based on ACL's. Assuming the
Ethernet Routing Switch 8600 has been configured with VLAN 500 using an IP subnet of
198.19.1.0/24, we will configure the following:

We will setup an ACL to supply IPFIX flows only for traffic with a source IP address of
198.19.1.4 from any port via VLAN 500.

*For this configuration example, we will enable the IPFIX flag at the ACE level.

Add an IPFIX collector which has an IP address of 172.30.30.20.
The Ethernet Routing Switch 8600 supports the ability to filter IPFIX flows at the ACL
(global level) level or at the ACE (individual filter) level. When setting up an ACL, you
can configure a global action to ether enable or mirror IPFIX with or without statistics.
 When IPFIX is enabled at the ACL global level, IPFIX collection is applied to all ACE's.
If you do not enable IPFIX at the ACL global level, you can still enable IPFIX for each
individual filter at the ACE level. This will provides greater control over which ACE's you
wish to collect IPFIX flow on.
If you plan to use ACL with IPFIX, please do not enable IPFIX at the port level.
3.2.1 Configuration
To accomplish the above, please enter the following commands:
ERS 8600: Step 1 – Enable IPFIX globally
CLI:
ERS-8600(config)# ip ipfix enable
PPCLI:
ERS-8600# config ip ipfix state enable
ERS 8600: Step 2 – Add the IPFIX Collector
CLI:
ERS-8600(config)# ip ipfix collector 7 172.30.30.20 enable
PPCLI:
ERS-8600# config ip ipfix slot 7 collector add 172.30.30.20 enable true
Avaya Inc. – External Distribution
avaya.com
15