08-19-2024 09:57 AM
I am mirroring a port that has the following ACL applied to a port's egress and see traffic not destined to 00:a0:aa:d0:01:08 in the captures. Does the mirror look at traffic before it hits the ACL or after?
entry host8 {
    if {
        ethernet-destination-address 00:a0:aa:d0:01:08;
    } then {
        permit;
    }
}
entry DenyAll {
    if {
        source-address 0.0.0.0/0;
    } then {
        deny;
        count block_acl;
    }
}
Thank you for any insight you are able to provide.
08-19-2024 10:37 AM
Instead of excluding all other traffic afterwards, I would simply include only the desired traffic:
How To: How To Mirror Specific Type of Traffic | Extreme Portal (site.com)
Best regards
Stefan