Vyatta Network OS Documentation


Port monitor filter configuration

The following example shows how to create port monitor filters and apply them to a port monitor session.

Table 1. Configuring port monitor filters for port mirroring

Step

Command

Define rule 10 for the firewall ruleset dev with the action to accept packets

vyatta@vyatta# set security firewall name dev rule 10 action accept 

Identify the source subnet for rule 10

vyatta@vyatta# set security firewall name dev rule 10 source address 50.3.1.0/24 

Identify the destination subnet for rule 10

vyatta@vyatta# set security firewall name dev rule 10 destination address 60.2.0.0/24  

Identify the protocol (UDP) that rule 10 applies to

vyatta@vyatta# set security firewall name dev rule 10 protocol udp 

Define rule 20 for the firewall ruleset dev with the action to drop packets

vyatta@vyatta# set security firewall name dev rule 20 action drop  

Define rule 30 for the firewall ruleset dev2 with the action to accept packets

vyatta@vyatta# set security firewall name dev2 rule 30 action accept  

Identify the source address (a single host) for rule 30

vyatta@vyatta# set security firewall name dev2 rule 30 source address 10.1.0.1

Define rule 40 for the firewall ruleset dev2 with the action to drop packets

vyatta@vyatta# set security firewall name dev2 rule 40 action drop 

Commit the configuration

vyatta@vyatta# commit  

Show the configuration

vyatta@vyatta# show security firewall 
 firewall {
        name dev {
                rule 10 {
                        action accept
                        destination {
                                address 60.2.0.0/24
                        }
                        protocol udp
                        source {
                                address 50.3.1.0/24
                        }
                }
                rule 20 {
                        action drop
                }
        }
        name dev2 {
                rule 30 {
                        action accept
                        source {
                                address 10.1.0.1
                        }
                }
                rule 40 {
                        action drop
                }
        }
 }
  

Specify that port monitoring session 2 will use the dev ruleset to filter ingress traffic. The allowed session types are SPAN, RSPAN-source, and ERSPAN-source.

vyatta@vyatta# set service portmonitor session 2 filter in dev 

Specify that port monitoring session 2 will use the dev2 ruleset to filter egress traffic. The allowed session types are SPAN, RSPAN-source, and ERSPAN-source.

vyatta@vyatta# set service portmonitor session 2 filter out dev2 

Commit the configuration

vyatta@vyatta# commit  

Show the configuration

vyatta@vyatta# show service portmonitor session 2 filter 
 filter {
        in dev
        out dev2
 }
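Added example (not part of the Vyatta documentation): a Python script that loads the set commands from Table 1 and reports whether a given packet would be copied to the monitor by session 2, which is useful for reviewing how much traffic a mirror session exposes. It assumes rules are checked in ascending rule-number order with the first match deciding, that accept means the packet is mirrored, and that a packet matching no rule is not mirrored; `load` and `mirrored` are hypothetical helper names.

```python
import ipaddress
import re

# The set commands from Table 1, copied from this page.
COMMANDS = """\
set security firewall name dev rule 10 action accept
set security firewall name dev rule 10 source address 50.3.1.0/24
set security firewall name dev rule 10 destination address 60.2.0.0/24
set security firewall name dev rule 10 protocol udp
set security firewall name dev rule 20 action drop
set security firewall name dev2 rule 30 action accept
set security firewall name dev2 rule 30 source address 10.1.0.1
set security firewall name dev2 rule 40 action drop
set service portmonitor session 2 filter in dev
set service portmonitor session 2 filter out dev2
"""

RULE = re.compile(r"set security firewall name (\S+) rule (\d+) (.+)")
FILTER = re.compile(r"set service portmonitor session (\d+) filter (in|out) (\S+)")

def load(text):
    """Return ({ruleset: {rule_no: {field: value}}}, {(session, direction): ruleset})."""
    rulesets, filters = {}, {}
    for line in text.splitlines():
        if m := RULE.match(line.strip()):
            name, num, rest = m.groups()
            *key, value = rest.split()  # e.g. "source address 50.3.1.0/24"
            rulesets.setdefault(name, {}).setdefault(int(num), {})[" ".join(key)] = value
        elif m := FILTER.match(line.strip()):
            filters[(int(m[1]), m[2])] = m[3]
    return rulesets, filters

def mirrored(rulesets, filters, session, direction, src, dst, proto):
    """Assumed semantics: lowest-numbered matching rule wins; accept = copy to monitor."""
    ip = ipaddress.ip_address
    net = lambda s: ipaddress.ip_network(s, strict=False)
    for _, r in sorted(rulesets[filters[(session, direction)]].items()):
        if ("source address" in r and ip(src) not in net(r["source address"])
                or "destination address" in r and ip(dst) not in net(r["destination address"])
                or r.get("protocol", proto) != proto):
            continue  # rule does not match this packet, try the next one
        return r["action"] == "accept"
    return False  # assumption: a packet matching no rule is not mirrored

RULESETS, FILTERS = load(COMMANDS)
```

With the page's configuration, only UDP from 50.3.1.0/24 to 60.2.0.0/24 is mirrored on ingress and only traffic sourced from 10.1.0.1 on egress; rules 20 and 40 exclude everything else.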