Posted on July 11, 2018 4:19 pm
 |  Asked by Arleekhan Pathan
 |  592 views
0
0
Print Friendly, PDF & Email

How to use 7280R for get http ipv6 only from tap aggregation? Now, I can receive ipv6 from 7280R tap aggregation. But can not receive ipv6 http get only. please

0
Posted by Harshita Rastogi
Answered on July 12, 2018 10:26 am

Hello Arleekhan,

If I understand your request right then you would like to tap only IPv6 HTTPS traffic.
There are lot of ways to filter traffic hitting tap ports.
1. If you know the source/destination ip of IPv6 HTTPS traffic then you can configure a ACL on tap port to filter this traffic.

https://eos.arista.com/eos-4-15-0f/tap-aggregation-traffic-steering-showclear-commands/

2.lets says there is no specific source/destination ip via which you can filter so you can use our User-Defined Fields feature where you can actually match fields present inside the packet. This requires you to configure an ACL to match GET field of HTTPS packets and only allow those packets.

You can refer to below link for more details on configurations.
https://eos.arista.com/eos-4-18-1f/tap-aggregation-traffic-steering-user-defined-fields/

0
Posted by Arleekhan Pathan
Answered on July 12, 2018 2:15 pm

Hi Harshita

You can show config for answer2?

I can not understand from these syntax.

(config)#ipv6 access-list
(config-acl-)#permit ipv6
payload header [start, end] offset [offset] pattern [pattern] mask [mask]

I’m not sure. I can use these cli?

7280(config)#ipv6 access-list IPv6
7280(config-acl-IPv6)#permit tcp any any eq www payload offset 0 pattern 0x47445400 mask 0x000000ff

But for these cli i’m not sure how to config.

(config)# access-list payload alias
[header ] offset pattern mask
(config)#ip access-list
(config-acl-)#permit ip payload alias
[pattern ] [mask ]

Post your Answer

You must be logged in to post an answer.