Can flow-redirect be used on layer 2? If yes, syntax please

  • Updated 3 months ago
I want to redirect flows based on port numbers. Is there a way to achieve that?

Danial Jalil

Posted 6 months ago


Kawawa, GTAC

You can do L2 redirects, and this is documented in the user guide, with examples as well: https://documentation.extremenetworks.com/exos_22.4/exos_21_1/acl/r_layer-2-policybased-redirect.sht... I am not sure what you mean by "redirect based on port numbers"... Are you referring to using physical ports as the source condition? Not possible. Or using physical ports as the destination of the redirected traffic? Possible, as outlined in the link!

Danial Jalil

Yes, I mean using physical ports. Can I use physical ports as the destination of the redirected traffic?

Kawawa, GTAC

Yes, the redirect-port and redirect-port-list action-modifiers help achieve this. Please see the examples in the link I shared in my previous comment.

Danial Jalil

But it is not working. I have the following configuration. I am receiving the traffic with no tags, nothing, just normal Ethernet frames on port 47, but somehow the ACL is not redirecting them to port 48. Am I missing something?

* X670V-48x.54 # show access-list
Vlan Name    Port   Policy Name          Dir      Rules  Dyn Rules
================================================================
*            47     testing              ingress  1      0

* X670V-48x.55 #vi testing.pol
entry rule {
if match all {
} then {
redirect-port 48
}
}

* X670V-48x.59 # show ports 47-48 statistics
Port Statistics                                                                        Thu Apr 12 10:09:00 2018
Port      Link       Tx Pkt     Tx Byte      Rx Pkt     Rx Byte      Rx Pkt      Rx Pkt      Tx Pkt      Tx Pkt
          State       Count       Count       Count       Count       Bcast       Mcast       Bcast       Mcast
========= ===== =========== =========== =========== =========== 
47        A               0           0     8469676  1084118656           0           0           0           0
48        A               0           0           0           0           0           0           0           0

========= ===== =========== =========== =========== =========== 

Danial Jalil

Any help here guys?

Kawawa, GTAC

Are both ports in the same VLAN? You cannot do an L2 redirect across VLANs. Here's a simple output I took from the lab:

# vi redir.pol
entry l2_redir { if {} then { count redirected ; redirect-port 10 ; }}
# create vlan v10 tag 10
# configure vlan v10 add ports 1-2,10 untagged
# configure access-list redir port 1 ingress
# show access-list counter
Policy Name       Vlan Name        Port   Direction  
    Counter Name                   Packet Count         Byte Count           
==================================================================
redir             *                1      ingress   
    redirected                     42                   

A second take after a minute:
        
# show access-list counter 
Policy Name       Vlan Name        Port   Direction  
    Counter Name                   Packet Count         Byte Count           
==================================================================
redir             *                1      ingress   
    redirected                     157     
# show ports 1,10 statistics 
Port Statistics                                                                        Mon Apr 16 09:26:26 2018
Port      Link       Tx Pkt     Tx Byte      Rx Pkt     Rx Byte      Rx Pkt      Rx Pkt      Tx Pkt      Tx Pkt
          State       Count       Count       Count       Count       Bcast       Mcast       Bcast       Mcast
========= ===== =========== =========== =========== =========== =========== =========== =========== ===========
1         A               8         972          14         896          14           0           1           7
10        A              19        1789           0           0           0           0          13           5
========= ===== =========== =========== =========== =========== =========== =========== =========== ===========

Danial Jalil

Yes, this works, but what about the tagged packets? If packets come with some specific tag and I want to redirect them, how would I do that? Because I am expecting untagged, single-tagged and double-tagged packets in my traffic, and I won't know the tag of the traffic in the case of tagged traffic, so I cannot set it as a VLAN tag.

Danial Jalil

Any help regarding this question?

Doug Hyde, Technical Support Manager

I would suggest contacting the GTAC if you still have some questions outstanding. 
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-contact-Extreme-Networks-Global-Tec...