Configuring vFlow Filters
A vFlow filter, in conjunction with a port mirror, gives granular control over the traffic that is mirrored through SPAN or RSPAN configurations. By configuring a vFlow with a mirror, you can select the traffic you need for analysis with precision.
To create a vFlow-mirror, you should configure a port mirror first. For details, see the Configuring Port Mirroring section in the Configuring and Using Network Management and Monitoring chapter.
For example:
CLI (network-admin@switch) > mirror-create name mir11 out-port 70 in-port 12 span-encap over-vlan span-tagging-vlan 300
To create the corresponding vFlow, use the vflow-create command:
CLI (network-admin@switch) > vflow-create name span1 scope local src-ip 100.1.1.200 precedence default action none mirror mir11
The vflow-create command allows numerous filtering policies. Refer to the previous sections of this chapter, Configuring and Using vFlows for more information.
A logical combination of a port mirror and a vFlow-based one can be configured using the filtering parameter in the vflow-create command.
- Use the port option to consider only the parameters configured in the mirror-create command for filtering the traffic.
- Use the vflow-or-port option to mirror traffic that meets either the vFlow or the mirror constraints. With this option, packets that match either the vFlow policy or the in-port parameter of the mirror get mirrored.
- Use the vflow-and-port option to mirror traffic that meets both the vFlow and the mirror constraints. With this option, only packets that match both the vFlow policy and the in-port parameter of the mirror get mirrored.
For example:
CLI (network-admin@switch) > mirror-create name mir5 out-port 80 in-port 40 filtering vflow-and-port span-encap over-vlan span-tagging-vlan 300
CLI (network-admin@switch) > vflow-create name flow1 scope local tos 112 action none mirror mir5
With the above configuration, only the packets that ingress on port 40 of switch1 with a ToS value of 112 are mirrored.