the ingress and egress direction. Flow-based monitoring conserves bandwidth by
monitoring only specified traffic instead of all traffic on the interface. This feature is
particularly useful when looking for malicious traffic. It is available for Layer 2 and
Layer 3 ingress and egress traffic. You may specify traffic using standard or
extended access-lists. This mechanism copies all incoming or outgoing packets on
one port and forwards (mirrors) them to another port. The source port is the
monitored port (MD) and the destination port is the monitoring port (MG).
Related Commands
ip access-list extended — creates an extended ACL.
permit tcp — assigns a permit filter for TCP packets.
permit udp — assigns a permit filter for UDP packets.

permit icmp
Configure a filter to allow all or specific ICMP messages.
Syntax
permit icmp {source mask | any | host ip-address} {destination mask | any | host ip-address} [dscp] [message-type] [count [byte]] [order] [fragments][log [interval minutes] [threshold-in-msgs [count]] [monitor]
To remove this filter, you have two choices:
• Use the no seq sequence-number command if you know the filter’s sequence number.
• Use the no permit icmp {source mask | any | host ip-address} {destination mask | any | host ip-address} command.
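
The following is an added example, not part of the original reference: a small Python checker that parses a permit icmp line per the syntax above and reports which source/destination pairs it covers, including the noncontiguous A.B.C.D mask case and the DSCP range of 0 to 63. The function names and the sample filter are constructed for illustration; it assumes the DSCP value follows the dscp keyword and that 1 bits in the mask are the bits compared.

```python
import ipaddress

FULL = 0xFFFFFFFF
# Constructed sample filter; addresses are private/documentation ranges.
SAMPLE = "permit icmp 10.0.5.0 255.0.255.0 host 192.0.2.10 dscp 46 monitor"

def parse_mask(text):
    """Return (mask, contiguous) for a '/x' or 'A.B.C.D' mask."""
    if text.startswith("/"):
        bits = int(text[1:])
        if not 0 <= bits <= 32:
            raise ValueError(f"bad prefix length {text}")
        return (FULL << (32 - bits)) & FULL, True
    mask = int(ipaddress.IPv4Address(text))
    inverted = ~mask & FULL
    # Contiguous means the cleared bits form a single run at the low end.
    return mask, (inverted & (inverted + 1)) == 0

def take_spec(tokens):
    """Consume one {address mask | any | host ip-address} group."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0, True
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), FULL, True
    return (int(ipaddress.IPv4Address(head)), *parse_mask(tokens.pop(0)))

def parse_permit_icmp(line):
    tokens = line.split()
    if tokens[:2] != ["permit", "icmp"]:
        raise ValueError("not a permit icmp filter")
    tokens = tokens[2:]
    rule = {"src": take_spec(tokens), "dst": take_spec(tokens), "dscp": None}
    rule["monitor"] = "monitor" in tokens
    if "dscp" in tokens:
        # Assumption: the value follows the keyword, e.g. "dscp 46".
        value = int(tokens[tokens.index("dscp") + 1])
        if not 0 <= value <= 63:
            raise ValueError(f"dscp {value} outside 0 to 63")
        rule["dscp"] = value
    return rule

def covers(spec, ip):
    # Assumption: 1 bits in the mask are the bits that must match.
    addr, mask, _ = spec
    return (int(ipaddress.IPv4Address(ip)) & mask) == (addr & mask)

def matches(rule, src_ip, dst_ip):
    return covers(rule["src"], src_ip) and covers(rule["dst"], dst_ip)
```

With the noncontiguous mask 255.0.255.0, the sample filter covers every source of the form 10.x.5.y, which is worth confirming before attaching monitor to a filter so that only the intended traffic is mirrored.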
Parameters
source
    Enter the IP address of the network or host from which the packets were sent.
mask
    Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in A.B.C.D format, may be either contiguous or noncontiguous.
any
    Enter the keyword any to match and drop specific Ethernet traffic on the interface.
host ip-address
    Enter the keyword host and then enter the IP address to specify a host IP address.
destination
    Enter the IP address of the network or host to which the packets are sent.
dscp
    Enter the keyword dscp to deny a packet based on the DSCP value. The range is 0 to 63.
message-type
    (OPTIONAL) Enter an ICMP message type, either with the type (and code, if necessary) numbers or with the name of
Access Control Lists (ACL)