Filtering traffic on a mirrored port

[murrayfar]

OS6860E-P48 8.1.1.585.R01


I need to configured a mirrored port for a network TAP here is the test config that I am working on.

=====================================================================
policy condition TestMirrorCond1 source port 2/1/28
policy action TestMirrorAct1 mirror 2/1/6 ingress egress
policy rule TestMirrorRule1 condition TestMirrorCond1 action TestMirrorAct1
qos apply

======================================================================

This seems to be working, but now I need to be able to filter out certain unwanted traffic from going to the TAP - so far I have been unsuccessful.

Here is an example of what I need to do - Drop traffic on ports TCP 1500 and 902 source and destination from 10.0.0.1, 10.0.0.2, 10.0.0.3.

This is what I've tried ( I know this only specifies Source traffic in the Service Group but it's not blocking any traffic that I can tell)

============================================================================

policy network group NetGrp-SP 10.0.0.1 10.0.0.2 10.0.0.3

policy service SP-902-Scr source tcp-port 902
policy service SP-1500-Scr source tcp-port 1500
policy service group SrvGrp-SP-Scr SP-1500-Scr SP-902-Scr


policy condition TestMirrorCond2 source network group NetGrp-SP service group SrvGrp-SP-Scr

policy action TestMirrorAct2 mirror 2/1/6 disposition drop

policy rule TestMirrorRule2 condition TestMirrorCond2 action TestMirrorAct2

qos apply

=================================================================================


This is my first real try at using the QOS policys on Alcatel switches, so this may be completely the wrong way to do this. Please point me in the correct direction if you can.

Thanks

[silvio]

You need different policies (so two conditions and two actions and two rules).
For the unwanted traffic you create one policy with the action permit and with a higher precedence in the rule.
For the mirrored traffic you can use your orign policy with lower precedence.
regards
Silvio