capability, traffic with particular flows that are traversing through the ingress andegress interfaces are examined and, appropriate ACLs can be applied in both theingress and egress direction. Flow-based monitoring conserves bandwidth bymonitoring only specified traffic instead all traffic on the interface. This feature isparticularly useful when looking for malicious traffic. It is available for Layer 2 andLayer 3 ingress and egress traffic. You may specify traffic using standard orextended access-lists. This mechanism copies all incoming or outgoing packets onone port and forwards (mirrors) them to another port. The source port is themonitored port (MD) and the destination port is the monitoring port (MG).RelatedCommandsip access-list standard — configures a standard ACL.permit — configures a permit filter.deny (for Extended IP ACLs)Configure a filter that drops IP packets meeting the filter criteria.Syntax deny {ip | ip-protocol-number} {source mask | any | host ip-address} {destination mask | any | host ip-address} [count[byte]] [dscp value] [order] [monitor] [fragments] [log[interval minutes] [threshold-in-msgs [count]] [monitor]To remove this filter, you have two choices:• Use the no seq sequence-number command if you know the filter’ssequence number.• Use the no deny {ip | ip-protocol-number} {source mask | any |host ip-address} {destination mask | any | host ip-address}command.Parameters log (OPTIONAL) Enter the keyword log to enable the triggeringof ACL log messages.threshold-inmsgs count(OPTIONAL) Enter the threshold-in-msgs keywordfollowed by a value to indicate the maximum number of ACLlogs that can be generated, exceeding which the generationof ACL logs is terminated. with the seq, permit, or denycommands. The threshold range is from 1 to 100.intervalminutes(OPTIONAL) Enter the keyword interval followed by thetime period in minutes at which ACL logs must be generated.The time interval range is from 1 to 10 minutes.monitor (OPTIONAL) Enter the keyword monitor when the rule isdescribing the traffic that you want to monitor and the ACLin which you are creating the rule is applied to the monitoredinterface.Access Control Lists (ACL) 301