suzhouxiaoniu 发表于 2015-7-10 14:04
monitor session 1
source XXXXXX both 即可以是端口，也可以是vlan
destination interface Ethern ...

Here is an example configuration of ACL capture applied to a VLAN, also known as virtual LAN Access Control List (VACL) capture. Ten gigabit snifers designated may not be feasible for all scenerios. Selective traffic capture can be very useful in such scenerios especially during troubleshooting when traffic volumes are high.
!! Global command required to enable ACL-capture feature (on default VDC)
hardware access-list capture

monitor session 1 type acl-capture
destination interface ethernet 2/1
no shut
exit
!!
ip access-list TEST_ACL
10 permit ip 216.113.153.0/27 any capture session 1
20 permit ip 198.113.153.0/24 any capture session 1
30 permit ip 47.113.0.0/16 any capture session 1
40 permit ip any any
!!
!! Note: Capture session ID matches with the monitor session ID
!!
vlan access-map VACL_TEST 10
match ip address TEST_ACL
action forward
statistics per-entry
!!
vlan filter VACL_TEST vlan-list 500
我看网站上是这样的，具体不是很理解

有点差别，官网有个比较

需要在monitor session下no shutdown，另外在目标SPAN物理接口上，需要配置switchport monitor