There is two methods to forward to detector the traffic, the first is vacl and then SPAN.
If we use the vacl to forward the traffic to detector, I wonder if the vacl is possble to classficate the specific traffic.
For example. I would like to forward the 10.1.1.x/24 to detector only and other drop.
ip acces-list extended ddos
permit ip 10.1.1.0 0.0.0.255 any
vlan access-map ddos
match ip address ddos
action forward capture
vlan vlan-filter ddos vlan-list 50
If I configure above the statement, Can I forward the 10.1.1.x traffic to detector only? Is it possible solution?