I have busy time now and a frequency of updating my blog is not such as I would expect. Sorry for that. I hope it should be better soon.
But today I would like to ask you a simple riddle.
Let’s assume that we have S9300 switch and a fragment of its configuration:
# observe-port 1 interface Ethernet0/0/1 # acl number 3000 rule 5 deny ip source 188.8.131.52 0.0.0.255 rule 10 deny ip source 184.108.40.206 0.0.0.255 rule 15 permit ip # traffic classifier riddle operator and if-match acl 3000 # traffic behavior riddle mirroring to observe-port 1 statistic enable # traffic policy riddle classifier riddle behavior riddle # interface Ethernet0/0/10 traffic-policy riddle inbound
Based on this configuration, what will happen with traffic classified by ACL 3000, and why?
Do not hesitate to send your answer in comments. If you need, you can do a simple test on Huawei eNSP.
acl number 3000 rule 5 deny ip source 220.127.116.11 0.0.0.255 (will be dropped) rule 10 deny ip source 18.104.22.168 0.0.0.255 (will be dropped) rule 15 permit ip (will be mirrored to observe port)
What is the default action for traffic behavior?
The default action is to permit all.
What does it mean?
It means that traffic behavior in our case will look like:
traffic behavior riddle mirroring to observe-port 1 permit (the default configuration is not displayed)
Remember that only traffic, that is classified as permit in ACL, can be used in traffic mirroring!!!
Traffic with deny action will be dropped because the default action in traffic behavior is to permit all.
I got a few answers. Thanks for them. Unfortunately none of them was written in an exhaustive manner.