V7 SR8816-X 处理端口镜像跟qos policy的先后顺序
相关配置:
#
acl advanced 3000
description ZuDuan445
rule 5 permit tcp destination-port eq 445
rule 10 permit tcp destination-port eq 135
rule 15 permit tcp destination-port eq 137
rule 20 permit tcp destination-port eq 139
rule 25 permit udp destination-port eq 135
rule 30 permit udp destination-port eq 136
rule 35 permit udp destination-port eq netbios-ns
rule 40 permit udp destination-port eq netbios-dgm
rule 45 permit udp destination-port eq netbios-ssn
rule 50 deny tcp destination 10.136.4.88 0 destination-port eq 3389
rule 55 permit tcp destination-port eq 3389
rule 60 permit tcp destination-port eq 22
#
traffic classifier ZuDuan445 operator or
if-match acl 3000
#
traffic behavior ZuDuan445
filter deny
#
qos policy ZuDuan445
classifier ZuDuan445 behavior ZuDuan445
#
interface GigabitEthernet0/2/1
port link-mode route
description GE1/0/1_1G_Z-TO-SR8808_2
ip address 10.136.175.206 255.255.255.252
pim sm
mpls enable
mpls ldp enable
mirroring-group 1 mirroring-port both
qos apply policy ZuDuan445 inbound
qos apply policy cotrol outbound
#
问题描述:
在镜像的目的端口发现可以抓取到445 、135等多个端口号的数据,询问在接口同时配置端口镜像跟qos policy时设备处理报文的先后顺序是怎么样的?
现场版本:version 7.1.075, Release 7751P01
Slot 0 板卡型号:CSPEX-1304X
结论:该板卡入方向是镜像优先,qos policy做的过滤是后面处理,所以在目的端口会看到过滤之前的数据。
设备处理镜像以及qos policy的先后顺序跟板卡类型有关系,高端设备的问题尤其需要注意。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作