Posted on May 17, 2021 3:37 am
 |  Asked by Waleed Alsaeed
 |  73 views

Greetings,

I’m using a 7504R switch in tap aggregation mode, and want to steer/filter the traffic from tap ports to tool ports based on source and destination IP addresses.

As the list has more than 400 subnets (example below), steering or filtering the traffic using a policy-map, or a class-map within a policy-map, requires applying 20,000+ rules:
1- source: 10.10.10.0/24, destination: 172.10.20.0/24 or 172.20.20.0/24 or 172.30.20.0/24 or 172.110.20.0/24
2- source: 10.20.10.0/24, destination: 172.10.20.0/24 or 172.20.20.0/24 or 172.30.20.0/24 or 172.110.20.0/24
3- source: 10.30.10.0/24, destination: 172.10.20.0/24 or 172.20.20.0/24 or 172.30.20.0/24 or 172.110.20.0/24
4- source: 172.10.20.0/24, destination: 10.10.10.0/24 or 10.20.10.0/24 or 10.30.10.0/24
5- source: 172.20.20.0/24, destination: 10.10.10.0/24 or 10.20.10.0/24 or 10.30.10.0/24
6- source: 172.30.20.0/24, destination: 10.10.10.0/24 or 10.20.10.0/24 or 10.30.10.0/24
7- source: 172.110.20.0/24, destination: 10.10.10.0/24 or 10.20.10.0/24 or 10.30.10.0/24

As egress ACLs are not compatible with 7504R switches in tap aggregation mode, I’m wondering if there is a way to steer the traffic on the tap interface and then filter it on the tool interface, or to have two layers of steering and filtering in the same policy-map.

Note: I was able to do it on a 7150 switch by applying steering rules in a policy-map on the tap port, then the ACL on the tool port.

Thanks in advance,
Waleed
