Can flow-redirect be used on layer 2? If yes, syntax please
‎04-09-2018 10:21 AM
I want to redirect flows based on port numbers. Is there a way to achieve that?
‎04-12-2018 11:35 AM
Yes, this works, but what about tagged packets? If packets come with some specific tag and I want to redirect them, how would I do that? I am expecting untagged, single-tagged and double-tagged packets in my traffic, and I won't know the tag in the case of tagged traffic, so I cannot set it as a VLAN tag.
‎04-12-2018 11:35 AM
Are both ports in the same VLAN? You cannot do an L2 redirect across VLANs. Here's a simple output I took from the lab
# vi redir.pol
entry l2_redir {
    if {
    } then {
        count redirected ;
        redirect-port 10 ;
    }
}
# create vlan v10 tag 10
# configure vlan v10 add ports 1-2,10 untagged
# configure access-list redir port 1 ingress
# show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
redir * 1 ingress
redirected 42
A second take after a minute:
# show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
redir * 1 ingress
redirected 157
# show ports 1,10 statistics
Port Statistics Mon Apr 16 09:26:26 2018
Port Link Tx Pkt Tx Byte Rx Pkt Rx Byte Rx Pkt Rx Pkt Tx Pkt Tx Pkt
State Count Count Count Count Bcast Mcast Bcast Mcast
========= ===== =========== =========== =========== =========== =========== =========== =========== ===========
1 A 8 972 14 896 14 0 1 7
10 A 19 1789 0 0 0 0 13 5
========= ===== =========== =========== =========== =========== =========== =========== =========== ===========
‎04-12-2018 11:35 AM
Any help here guys?
‎04-12-2018 11:35 AM
But it is not working. I have the following configuration. I am receiving the traffic with no tags, nothing, just normal Ethernet frames on port 47, but somehow the ACL is not redirecting them to port 48. Am I missing something?
* X670V-48x.54 # show access-list
Vlan Name Port Policy Name Dir Rules Dyn Rules
================================================================
* 47 testing ingress 1 0
* X670V-48x.55 #vi testing.pol
entry rule {
if match all {
} then {
redirect-port 48
}
}
* X670V-48x.59 # show ports 47-48 statistics
Port Statistics Thu Apr 12 10:09:00 2018
Port Link Tx Pkt Tx Byte Rx Pkt Rx Byte Rx Pkt Rx Pkt Tx Pkt Tx Pkt
State Count Count Count Count Bcast Mcast Bcast Mcast
========= ===== =========== =========== =========== ===========
47 A 0 0 8469676 1084118656 0 0 0 0
48 A 0 0 0 0 0 0 0 0
========= ===== =========== =========== =========== ===========
‎04-12-2018 11:35 AM
Yes, the redirect-port and redirect-port-list action-modifiers help achieve this. Please see the examples in the link I shared in my previous comment.
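
A policy of the kind the original question asks for, as an added example that is not from any poster in this thread: it redirects by TCP/UDP destination port using the redirect-port modifier shown in the replies. The policy name redir_l4, the entry and counter names, and the L4 port numbers 8080 and 5060 are constructed for illustration; switch ports 1 and 10 follow the lab output earlier in the thread, and the L4 match conditions assume IPv4 TCP/UDP traffic.

```text
# redir_l4.pol  (added example; all names and L4 port numbers are constructed)
#
# Entries are evaluated top to bottom and the first matching entry applies.
# Traffic that matches no entry is forwarded normally.

entry redir_tcp_8080 {
    if match all {
        protocol tcp ;
        destination-port 8080 ;
    } then {
        count redir_tcp_8080 ;      # one counter per entry shows which rule is hit
        redirect-port 10 ;
    }
}

entry redir_udp_5060 {
    if match all {
        protocol udp ;
        destination-port 5060 ;
    } then {
        count redir_udp_5060 ;
        redirect-port 10 ;
    }
}

# Apply and verify from the CLI, using the same commands as the lab post:
#   check policy redir_l4
#   configure access-list redir_l4 port 1 ingress
#   show access-list counter
#   show ports 1,10 statistics
# Ingress port 1 and redirect port 10 are in the same VLAN, as the reply above requires.
```

Separate counters per entry make it possible to tell a rule that never matches from one that matches but whose traffic does not appear on the redirect port.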
