Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
0
Helpful
0
Replies

Nexus tap aggregation feature and IPv6

Sergey
Level 1
Level 1

‎03-17-2016 11:53 PM - edited ‎03-01-2019 08:13 AM

Hi, 

I have a Nexus 9372 px-e switch and trying to get following task done:

  • there are couple TAP ports connected to the switch (lets say e1/1-8)
  • two different moniroting tools are connected (e1/9,e1/10)
  • IPv4 tcp80 and udp53 traffic needs to be sent to the tool connected to e1/9 port
  • IPv6 traffic needs to be sent to the tool connected to e1/10 port

Reading the configuration doc I have realized that we could use ip port acl with the "@redirect"clause (permit tcp any any eq 80 redirect ethernet 1/9)  to steer needed IPv4 traffic to the first monitor. This part works perfectly fine.

Unfortunately there is no redirect clause in ipv6 port acl. One needs to use mac port acl to steer ipv6 traffic. And here is the problem: you can't configure mac and ipv4 port acls on the same port (e1/1-8 in my case). As a workaround I have configured following mac acl on e1/1-8 ports:

mac access-list acl-tap
10 permit any any 0x8100 redirect Ethernet1/9
20 permit any any 0x86dd redirect Ethernet1/10

However the drawback of the workaround is that fist monitor is receiving not needed ipv4 traffic (e.g. tcp443).

  • Is there the redirect clause in the roadmap of the nx-os any soon?
  • Is it possible to "filter out" unneeded traffic from e1/9 (the ip access list does not work with the redirected traffic).

Thanks

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents