Step 1
| On the Filters tab, click + Filter to add a filter. The Add Filter window is displayed. |
Step 2
| In the Filter Description section of the Add Filter window, complete the following fields:
Name
|
Description
|
Name field
|
The name of the filter.
Note
|
The name cannot be changed once you have saved it.
|
|
Bidirectional check box
|
Check this box if you want the filter to capture traffic information from a source IP, source port, or source MAC address to a destination IP, destination port, or destination MAC address, and from a destination IP, destination port, or destination MAC to a source IP, source port, or source MAC address.
|
|
Step 3
| In the Layer 2 section of the Add Filter window, complete the following fields:
|
|
Ethernet Type field
|
Required. The Ethernet type of the Layer 2 traffic. The default value displayed is IPv4, or you can choose one of the following:
- IPv6
- ARP
- LLDP
- Predefined EtherTypes
- All EtherTypes
- Enter Ethernet Type—If you choose Enter Ethernet Type as the type, enter the Ethernet type in hexadecimal format.
If you choose Predefined EtherTypes, all predefined Ethernet types contained in the config.in file are associated with the rule, and you should not configure any other parameters.
Note
|
You can now configure more than one user-defined Ethernet type per filter. You can apply an arbitrary number of Ethernet types, separated by ",", so that a single filter can be set up for the different traffic types.
|
|
VLAN Identification Number field
|
The VLAN ID for the Layer 2 traffic. You can enter a single VLAN ID, a range of VLAN ID values, or comma-separated VLAN ID values and VLAN ID ranges, for example, 1-4,6,8,9-12.
Note
|
For NX-API, a VLAN ID with a Layer 3 address is not supported. If a VLAN ID with a Layer 3 address is configured, it results in inconsistent flows. You have to troubleshoot and fix the flows.
|
|
VLAN Priority field
|
The VLAN priority for the Layer 2 traffic.
|
Source MAC Address field
|
The source MAC address of the Layer 2 traffic.
|
Destination MAC Address field
|
The destination MAC address of the Layer 2 traffic.
|
|
Step 4
| In the Layer 3 section of the Add Filter window, update the following fields:
Name
|
Description
|
Source IP Address field
|
The source IP address of the Layer 3 traffic. This can be one of the following:
- The host IP address, for example, 10.10.10.10
- Discontiguous source IP address, for example, 10.10.10.10, 10.10.10.11, 10.10.10.12
- An IPv4 address range, for example, 10.10.10.10-10.10.10.15
- An IPv4 subnet, for example, 10.1.1.0/24
- The host IP address in IPv6 format, for example, 2001::0
Note
|
- When a switch is used in NX-API mode, you can now select an IPv6 filter and set up a connection. You can enter a single IPv6 address, comma-separated multiple IPv6 addresses, an IPv6 address range, and/or IPv6 subnet in the Source IP Address field.
- If you configure a range of Layer 3 source IP addresses, you cannot configure ranges of Layer 4 source or destination ports.
- If you configure a range of Layer 3 source IP addresses, you cannot configure ranges of Layer 2 VLAN identifiers.
|
Note
|
When using an IPv6 address in the filter, the Ethernet Type should be set to IPv6.
|
|
Destination IP Address field
|
The destination IP address of the Layer 3 traffic. This can be one of the following:
- The host IP address, for example, 10.10.10.11
- An IPv4 address range, for example, 10.10.10.11-10.10.10.18
- An IPv4 subnet, for example, 10.1.1.0/24
- The host IP address in IPv6 format, for example, 2001::4
- The subnet, for example, 10.0.0.0/25
Note
|
- When a switch is used in NX-API mode, you can now select an IPv6 filter and set up a connection. You can enter only a single IPv6 address in the Destination IP Address field. Comma-separated multiple IPv6 addresses, an IPv6 address range, and/or IPv6 subnets are not supported. The hardware command that is a prerequisite for using the IPv6 feature is hardware access-list tcam region ipv6-ifacl 512.
- If you configure a range of Layer 3 source IP addresses, you cannot configure ranges of Layer 4 source or destination ports.
- If you configure a range of Layer 3 source IP addresses, you cannot configure ranges of Layer 2 VLAN identifiers.
|
|
Protocol drop-down list
|
Choose the Internet protocol of the Layer 3 traffic. This can be one of the following:
- ICMP
- TCP
- UDP
- Enter Protocol
If you choose Enter Protocol as the type, enter the protocol number in decimal format.
|
ToS Bits field
|
The Type of Service (ToS) bits in the IP header of the Layer 3 traffic. Only the Differentiated Services Code Point (DSCP) values are used.
|
|
Step 5
| In the Layer 4 section of the Add Filter dialog box, complete the following fields:
Name
|
Description
|
Source Port drop-down list
|
Choose the source port of the Layer 4 traffic. This can be one of the following:
- FTP (Data)
- FTP (Control)
- SSH
- TELNET
- HTTP
- HTTPS
- Enter Source Port
Note
|
Beginning with Cisco Nexus Data Broker Release 3.2, you can enter comma-separated single port numbers and a range of the source port numbers in the Enter Source Port field.
|
Note
|
- If you configure a range of Layer 4 source ports, you cannot configure ranges of Layer 3 IP source or destination addresses.
- If you configure a range of Layer 4 source ports, you cannot configure ranges of Layer 2 VLAN identifiers.
|
|
Destination Port drop-down list
|
Choose the destination port of the Layer 4 traffic. This can be one of the following:
- FTP (Data)
- FTP (Control)
- SSH
- TELNET
- HTTP
- HTTPS
- Enter Destination Port
Note
|
Beginning with Cisco Nexus Data Broker Release 3.2, you can enter comma-separated single port numbers and a range of the source port numbers in the Enter Destination Port field.
|
Note
|
- If you configure a range of Layer 4 destination ports, you cannot configure ranges of Layer 3 IP source or destination addresses.
- If you configure a range of Layer 4 destination ports, you cannot configure ranges of Layer 2 VLAN identifiers.
|
|
|
Step 6
| In the Layer 7 section of the Add Filter dialog box, complete the following fields:
Name
|
Description
|
HTTP Method field
|
You can configure matching on the HTTP methods and redirect the traffic based on that method. Select one or more methods to match within a single filter. This option is available only when the destination port is HTTP or HTTPS.
- Connect
- Delete
- Get
- Head
- Post
- Put
- Trace
Note
|
Layer 7 match is supported only in NX-API mode; it is not supported in OpenFlow.
|
Note
|
The TCP option length is enabled when you select any one of the methods from Layer 7 traffic.
|
|
TCP Option Length field
|
You can extend the filter configuration by specifying the TCP option length in the text box. The default value in the text box is 0. All methods within the filter have the same option length.
Enter the TCP option length in decimal format.
Note
|
The value in the text box should be a multiple of 4 and can range from 0 to 40.
|
|
|
Step 7
| Click Add Filter. |
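The field rules in Steps 3 through 6 can be checked before a filter is entered, so that an invalid combination does not end up as an inconsistent flow on a monitoring path. The Python below is an added example, not Cisco code or a Cisco Nexus Data Broker API: the dictionary keys, function names, and sample filters are hypothetical, and a destination IP range is assumed to count like a source IP range when deciding which layers use ranges.

```python
import ipaddress
import re

VLAN_ITEM = re.compile(r"^\d+(-\d+)?$")  # one ID ("6") or one range ("9-12")

def items(value):
    """Split a comma-separated field into stripped, non-empty items."""
    return [p.strip() for p in (value or "").split(",") if p.strip()]

def has_range(value):
    """True if any item is written as start-end (subnets do not count)."""
    return any("-" in p for p in items(value))

def uses_ipv6(value):
    """True if any address, range endpoint, or subnet is IPv6 (ValueError if malformed)."""
    ends = [e.strip() for p in items(value) for e in p.split("-")]
    return any(ipaddress.ip_network(e, strict=False).version == 6 for e in ends)

def validate_filter(f):
    """Return the list of rule violations for a filter given as a dict."""
    errs = []
    if any(not VLAN_ITEM.match(p) for p in items(f.get("vlan"))):
        errs.append("VLAN ID: use IDs and ranges such as 1-4,6,8,9-12")
    # Assumption: destination IP ranges are treated like source IP ranges.
    layers = {
        "Layer 2 VLAN": has_range(f.get("vlan")),
        "Layer 3 IP": has_range(f.get("src_ip")) or has_range(f.get("dst_ip")),
        "Layer 4 port": has_range(f.get("src_port")) or has_range(f.get("dst_port")),
    }
    ranged = [name for name, used in layers.items() if used]
    if len(ranged) > 1:
        errs.append("ranges configured in more than one layer: " + ", ".join(ranged))
    v6 = uses_ipv6(f.get("src_ip")) or uses_ipv6(f.get("dst_ip"))
    if v6 and f.get("ethertype") != "IPv6":
        errs.append("IPv6 address requires Ethernet Type IPv6")
    if f.get("http_methods") and f.get("dst_port") not in ("HTTP", "HTTPS"):
        errs.append("HTTP Method requires destination port HTTP or HTTPS")
    opt = f.get("tcp_option_length", 0)
    if opt % 4 or not 0 <= opt <= 40:
        errs.append("TCP option length must be a multiple of 4 between 0 and 40")
    return errs

# Constructed sample filters; the key names are hypothetical, not an NDB schema.
GOOD = {"ethertype": "IPv4", "vlan": "1-4,6,8,9-12", "src_ip": "10.10.10.10",
        "dst_ip": "10.1.1.0/24", "dst_port": "HTTPS", "http_methods": ["Get"],
        "tcp_option_length": 8}
BAD = {"ethertype": "IPv4", "vlan": "1-4", "src_ip": "2001::0",
       "dst_ip": "10.10.10.11-10.10.10.18", "dst_port": "SSH",
       "http_methods": ["Post"], "tcp_option_length": 6}
```

validate_filter(GOOD) returns an empty list; validate_filter(BAD) reports four violations: ranges in both Layer 2 and Layer 3, an IPv6 address without Ethernet Type IPv6, an HTTP method without an HTTP or HTTPS destination port, and a TCP option length that is not a multiple of 4.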