Vyatta NOS documentation

Port monitor filter configuration

The following example shows how to create port monitor filters and apply them to a port monitor session.

Table 1. Configuring port monitor filters for port mirroring

Step

Command

Define rule 10 for the firewall ruleset dev with the action to accept packets

vyatta@vyatta# set security firewall name dev rule 10 action accept 

Identify the source subnet for rule 10

vyatta@vyatta# set security firewall name dev rule 10 source address 50.3.1.0/24 

Identify the destination subnet for rule 10

vyatta@vyatta# set security firewall name dev rule 10 destination address 60.2.0.0/24  

Identify the protocol (UDP) that rule 10 applies to

vyatta@vyatta# set security firewall name dev rule 10 protocol udp 

Define rule 20 for the firewall ruleset dev with the action to drop packets

vyatta@vyatta# set security firewall name dev rule 20 action drop  

Define rule 30 for the firewall ruleset dev2 with the action to accept packets

vyatta@vyatta# set security firewall name dev2 rule 30 action accept  

Identify the source address for rule 30

vyatta@vyatta# set security firewall name dev2 rule 30 source address 10.1.0.1

Define rule 40 for the firewall ruleset dev2 with the action to drop packets

vyatta@vyatta# set security firewall name dev2 rule 40 action drop 

Commit the configuration

vyatta@vyatta# commit  

Show the configuration

vyatta@vyatta# show security firewall 
 firewall {
        name dev {
                rule 10 {
                        action accept
                        destination {
                                address 60.2.0.0/24
                        }
                        protocol udp
                        source {
                                address 50.3.1.0/24
                        }
                }
                rule 20 {
                        action drop
                }
        }
        name dev2 {
                rule 30 {
                        action accept
                        source {
                                address 10.1.0.1
                        }
                }
                rule 40 {
                        action drop
                }
        }
 }
  

Specify that port monitoring session 2 uses the dev ruleset to filter ingress traffic. Allowed session types are SPAN, RSPAN-source, and ERSPAN-source.

vyatta@vyatta# set service portmonitor session 2 filter in dev 

Specify that port monitoring session 2 uses the dev2 ruleset to filter egress traffic. Allowed session types are SPAN, RSPAN-source, and ERSPAN-source.

vyatta@vyatta# set service portmonitor session 2 filter out dev2 

Commit the configuration

vyatta@vyatta# commit  

Show the configuration

vyatta@vyatta# show service portmonitor session 2 filter 
 filter {
        in dev
        out dev2
 }
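
The following Python script is an added example, not part of the Vyatta documentation. It parses the set commands from the table above and reports whether a given packet would be selected by a filter ruleset, which helps confirm that a session mirrors only the intended traffic. It assumes that rules are evaluated in ascending rule-number order with the first match deciding, that accept means the packet is mirrored, and that a packet matching no rule is not mirrored; parse_rulesets, in_net and is_mirrored are hypothetical helper names.

```python
import ipaddress

# The `set` commands from the table above, copied with the prompt stripped.
SET_COMMANDS = """
set security firewall name dev rule 10 action accept
set security firewall name dev rule 10 source address 50.3.1.0/24
set security firewall name dev rule 10 destination address 60.2.0.0/24
set security firewall name dev rule 10 protocol udp
set security firewall name dev rule 20 action drop
set security firewall name dev2 rule 30 action accept
set security firewall name dev2 rule 30 source address 10.1.0.1
set security firewall name dev2 rule 40 action drop
"""

def parse_rulesets(text):
    """Build {ruleset: {rule_number: {"action": ..., "source": ..., ...}}}."""
    rulesets = {}
    for line in text.splitlines():
        tok = line.split()
        prefix_ok = tok[:4] == ["set", "security", "firewall", "name"]
        if len(tok) < 9 or not prefix_ok or tok[5] != "rule":
            continue  # blank line or a command this example does not model
        rule = rulesets.setdefault(tok[4], {}).setdefault(int(tok[6]), {})
        # tok[7] is action / protocol / source / destination; value is last.
        rule[tok[7]] = tok[-1]
    return rulesets

def in_net(addr, spec):
    """True when spec is absent (match any) or addr falls inside it."""
    return spec is None or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def is_mirrored(ruleset, src, dst, proto):
    """Assumed semantics: ascending rule order, first match decides,
    accept = mirrored, no matching rule = not mirrored."""
    for number in sorted(ruleset):
        r = ruleset[number]
        if (in_net(src, r.get("source")) and in_net(dst, r.get("destination"))
                and r.get("protocol", proto) == proto):
            return r["action"] == "accept"
    return False

RULESETS = parse_rulesets(SET_COMMANDS)
```

Calling `is_mirrored(RULESETS["dev"], "50.3.1.7", "60.2.0.9", "udp")` checks an ingress packet against the dev ruleset; the same call with `RULESETS["dev2"]` checks the egress filter.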