You can configure rule-based filters at the port monitor session level to restrict the volume of ingress or egress IPv4 traffic for port mirroring. Filters configured for a port monitor session apply to the traffic from all the source interfaces for the session. The traffic is filtered before it is mirrored and sent out over the destination interface. You can apply filters to SPAN, RSPAN-source, and ERSPAN-source sessions.

If the source interface of a portmonitor session is a physical interface, all packets on the interface are mirrored. If filters are configured on the portmonitor session for a physical interface, the filters are applied to all traffic received on the interface.

Port monitor filters are constructed using firewall rules. The following limitations apply:

• Only stateless IPv4 packet filters are supported.
• Rules can match source IP address, destination IP address, source port, destination port, IP protocol, or DSCP.

To create and apply port monitor filters: