Policy to filter mirroring traffic (IP, port)
Topic
Hi experts,
I’m having trouble making an ACL (I think it’s simple) but it’s not working…
I intend to filter the traffic that arrives from a mirroring port (1/1/10) and that is the mirror of 1/1/1 and 1/1/2, eliminating the traffic from 10.10.10.1 tcp port 80.
I started by mirroring ports 1/1/1 and 1/1/2 to port 1/1/10
policy network group IP_Block 10.10.10.10
policy condition C1 source network group IP_Block source tcp port 80 destination port 1/1/10
policy action no_access disposition drop
policy rule R1 condition C1 action no_access
Can you help me make this ACL?
Answers
For policy rule R1 condition C1 action no_access you may need to add a precedence value (like "precedence 130"), so your syntax would look like below on the last line.
policy network group IP_Block 10.10.10.10
policy condition C1 source network group IP_Block source tcp port 80 destination port 1/1/10
policy action no_access disposition drop (try disposition deny)
policy action allow
policy rule R1 precedence 130 condition C1 action no_access
qos apply
If this does not help, please include your show configuration snapshot so that we can get a full picture of where the problem may lie, if you have not solved it already.