• Author : Sunil Kumar Mudunuri

 
 

VxLAN rules support for Mirror ACLs

Up until now, the mirroring ACLs on the DCS-7150 series used to support only the security ACL rules. This meant that fields beyond the layer-4 header couldn’t be matched in these ACLs. Recent releases have added support for deep-inspection rules in ACLs, but they were reserved for the TapAgg mode. This feature allows VxLAN deep-inspection rules to be specified in the mirroring ACLs, when the switch is operating in normal mode. Platform compatibility DCS-7150S Configuration The following are a few example VxLAN rules that can be specified in mirroring ACLs. The command itself is the same as the VxLAN deep-inspection rule...
Continue reading →

Tap aggregation – traffic steering show/clear commands

This TOI briefs the commands related to the traffic steering policies used in Tap Aggregation. These commands display the configured traffic-steering policy-maps, class-maps, the interfaces they are applied to, and the counters for each rule of the policy (presented in acl-counter format). The policy rule counters can be cleared using the corresponding clear commands.   CLI commands Presented below are the command formats along with the sample output: show class-map type tapagg [class-name] This command displays all/named tap aggregation class-maps. The output lists a mapping between a class-map and access-list(s). Each class-map could be mapping to multiple access-lists, but all of the access-lists...
Continue reading →

Tap aggregation – stripping VLAN tags using traffic steering

The traffic-steering policies used in tap aggregation mode allow steering traffic from tap to tool ports using ‘set aggregation-group’ action, while the ‘set id-tag’ action tags the traffic with the specified id(in the dot1q format). The new action allows removing the VLAN(dot1q) tags from the steered traffic. VLAN tag removal is already available as the tool port interface mode command ‘switchport tool dot1q remove outer <1-2>’. However this is a bit rigid since all frames going out of the tool port will be stripped of the VLAN tags. Letting a policy specify the removal provides greater flexibility. Configuration As with the other policy...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: