Table of Contents
Advertisement
Configuring CLI-Based Mirroring
To configure the CLI-based packet-mirroring environment, you must coordinate the
mirroring operations of two devices in the network: the E Series router and the
analyzer device. The configuration of the analyzer device is mentioned in this section
for reference only. The actual configuration procedures depend on the policies and
guidelines established by the responsible organizations.
The secure ip policy and secure ipv6 policy commands are visible only to authorized
users; the mirror-enable command must be enabled before using secure ip policy
or secure ipv6 policy command. If you enter the secure ip policy or secure ipv6
policy command and the policy list does not exist, the router creates a policy list
with a default mirror rule that disables mirroring. If you attach this policy list to an
interface, there is no packet mirroring. When you use this command to create a
secure policy list, statistics-related keywords are not supported.
The secure ip classifier-list command creates or modifies a secure IP classifier
control list, which can then be included in a secure policy list.
The secure ipv6 classifier-list command creates or modifies a secure IPv6 classifier
control list, which can then be included in a secure policy list.
NOTE: Do not use the asterisk (*) for the name of a classifier list. The asterisk is used
as a wildcard for the classifier-group command.
Except for the following considerations, secure IP classifier lists are created and
function the same as standard IP classifier lists see "Classifier Control Lists Overview"
on page 7 for information:
The secure ip policy-list, secure ipv6 policy-list, and secure l2tp policy-list
commands create or modify a secure IP, IPv6, or L2TP policy list. These commands
are visible only to authorized users the mirror-enable command must be enabled
before using this command. These commands enter Policy List Configuration mode,
enabling you to specify the parameters of the secure policy list. If you enter Policy
List Configuration mode and then type exit without specifying any parameters, the
router creates a policy list with a mirror disable rule. Attaching this policy list to an
interface results in no packet mirroring.
The secure ip classifier-list and secure ipv6 classifier-list commands are visible
only to authorized users the mirror-enable command must be enabled before
using this command.
Secure IP classifier lists and secure IPv6 classifier lists are the only types of
classifier lists allowed in secure policy lists
Secure IP classifier lists and secure IPv6 classifier lists cannot be used in
non-secure policy lists.
You can associate secure IP and secure IPv6 policy classifier lists with all secure
IP and secure IPv6 policies dynamically created by RADIUS. This allows you to
selectively identify and drop high load traffic, such as video.
Chapter 11: Configuring CLI-Based Packet Mirroring
Configuring CLI-Based Mirroring
231
Advertisement
Table of Contents
Need help?
Do you have a question about the POLICY MANAGEMENT - CONFIGURATION GUIDE V11.1.X and is the answer not in the manual?
Questions and answers