how to add Vlan ACL in port mirror

Noovi · ‎01-13-2019

Hi,

As i know we can do port mirroring in Cisco switches by following

monitor session 1 destination int g1/0/1

monitor session 1 source port g1/0/2 or source vlan 350

Can anyone tell me how i can use Vlan ACL in this scenario??

balaji.bandi · ‎01-13-2019

From my lab noted and tested one as below - change accordingly your stup.

When the source and destination are on the same switch that is refered as Local SPAN.

SPAN With VACL filter. Below is configuration example:

you can use standard and extended ACLs.

vlan 9

SPAN-VLAN

monitor session 1 source vlan 9

monitor session 1 destination interface g0/2

ip access-list extended NotIntestingTraffic

permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255

permit ip 192.169.0.0 0.0.255.255 192.168.0.0 0.0.255.255

ip access-list InterestingTraffic

permit ip 192.190.0.0 0.0.255.255 192.190.0.0 0.0.255.255

permit ip 192.191.0.0 0.0.255.255 192.191.0.0 0.0.255.255

vlan access-map VACLSPAN 10

match ip address NotIntestingTraffic

action drop

vlan access-map VACLSPAN 20

match ip address IntestingTraffic

action forward

vlan filter VACLSPAN vlan-list 9

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Noovi · ‎01-13-2019

Hi ,

But i believe traffic will be dropped/discarded on switch but i dont want to.

i just want filtered traffic on SPAN.

I think we can do by below , as just found this.

Vlan Based:

monitor session 1 filter vlan 350 , 360 -365

IP Based:

monitor session 1 filter ip access-group 102

balaji.bandi · ‎01-13-2019

if you want to forward you can just do forward, not drop that should be ok. test and advise.

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help