I have an interesting challenge. I have an existing monitor session set up as below for monitoring on a 6509. I have a single monitor session with multiple egress interfaces based on the VLAN. This solution works very well for feeding specific VLANs to specific monitoring applications.
In most situations, unique VLANs are sent out each egress. There may be more than one VLAN dumped per egress, but you get the point. VLAN 401 (referenced above) is different. It is a "consolidation" VLAN where multiple application flows pass through in the clear and are monitored by our security infrastructure. The issue is, we are feeding them too much "white noise" and the filtering they are running is taxing the CPU. So, I was asked if I could filter the traffic.
I cannot filter on MAC. The MACs for different applications are the same. Long story. Only the IPs are unique.
I need to filter on destination IP. That is my only option.
I need the filter to only be applied on a specific egress. So 401 may be going out several egress interfaces. But the filter needs to be applied to a specific port for the VLAN in question.
Router ACL won't work. The port is L2.
Switch ACL won't work. Need L3.
VACL won't work because it filters the VLAN regardless of port.
MACL won't work because I only have unique IPs for my filter config.
Are there any options anyone knows of for accomplishing this on the 6500s? Again, I need an IP destination ACL on VLAN 401 but ONLY for a specific egress interface.