Configuring Port Mirroring
You can create a port mirror and configure the parameters using the mirror-create command.
CLI (network-admin@switch) > mirror-create
mirror-create | Create mirrored ports.
name name-string | Specify a mirror name.
Specify the following options:
direction [ingress|egress|bidirectional] | Specify the direction of the traffic on the source port to be mirrored. Use this option to mirror the traffic that is received on source ports, the traffic that leaves source ports, or both.
out-port port-list | Specify one or more outgoing traffic ports.
out-trunk trunk name | Specify the outgoing traffic trunk (link aggregation). The out-trunk option load balances the outgoing traffic among trunk ports. You can configure either an out-port or an out-trunk.
in-port port-list | Specify one or more incoming traffic ports. The in-ports can overlap among other mirror instances.
filtering [port|vflow-and-port|vflow-or-port] | Specify the traffic filter policy. With the vflow-and-port policy, a packet is mirrored only if it matches both the vFlow and the in-port for the mirror. With the vflow-or-port policy, the packet is mirrored if it matches either the vFlow or the in-port of the mirror.
enable|disable | Enable or disable the mirror. A mirror, once created, is enabled by default.
other-egress-out [allow|prevent] | Specify whether to allow or prevent switching of other traffic to the out-port. The default status is prevent.
span-encap [none|over-vlan] | Specify the mirror encapsulation type. Specify over-vlan to enable RSPAN. The default is none.
span-local-ip ip-address | Specify the local IPv4 address.
span-remote-ip ip-address | Specify the remote IPv4 address.
span-src-mac mac-address | Specify the source MAC address for the mirror.
span-dst-mac mac-address | Specify the destination MAC address for the mirror.
span-tagging-vlan vlan-id | Specify the mirror SPAN tagging VLAN ID. This VLAN carries the traffic in an RSPAN configuration.
span-tos 0..255 | Specify the mirror SPAN Type of Service (ToS) as a value between 0 and 255.
nvie-mirror|no-nvie-mirror | Specify whether to mark or unmark this mirror as an NVIE mirror used to mirror traffic to NVIE virtual machines.
Configuring Local SPAN
For Local SPAN, the in-port and out-port are on the same switch. For example:
CLI (network-admin@switch) > mirror-create name mir1 direction ingress in-port 10 out-port 15
Netvisor ONE defines a mirror configuration, but does not add any traffic into that mirror. A sniffer tool like Wireshark can be used to capture and analyze the mirrored traffic at the destination port. You can modify a mirror configuration using the mirror-modify command. To view the details of a mirror configuration that you have already created, use the mirror-show command.
For example, if you created the following mirror configuration:
CLI (network-admin@switch) > mirror-create name test direction bidirectional out-port 10 in-port 15
The details of the configuration can be viewed using the command:
CLI (network-admin@switch) > mirror-show
name direction out-port in-port filtering enable other-egress-out nvie-mirror
---- ----------- -------- ------- --------- ------ ---------------- -----------
test bidirection 10 15 port yes prevent false
To modify the above configuration, use the command:
CLI (network-admin@switch) > mirror-modify name test out-port 20
To view the modified configuration, use the command:
CLI (network-admin@switch) > mirror-show
name direction out-port in-port filtering enable other-egress-out nvie-mirror
---- ----------- -------- ------- --------- ------ ---------------- -----------
test bidirection 20 15 port yes prevent false
Use the following command to modify a configuration and set up mirroring to send traffic from a range of data ports to multiple destination SPAN ports:
CLI (network-admin@switch) > mirror-modify mir25 in-port 1-5 out-port 50-52
To disable the configuration, use the following command:
CLI (network-admin@switch) > mirror-modify mir25 in-port 1-5 out-port 50 disable
By default, a port configured as the out-port of a mirror functions only as an egress port for mirrored traffic. The out-port does not allow transit traffic to flow through, which in certain cases can lead to traffic black holing. To overcome this problem, the out-port may be configured to allow other egress traffic. For example:
CLI (network-admin@switch1) > mirror-create name mir20 direction ingress in-port 81 out-port 86 other-egress-out allow
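A mirror copies traffic to its out-port, so the mirror-show output is worth comparing with what was approved for the switch. The following is an added example, not Pluribus code: it parses mirror-show output in the tabular form shown above and reports mirrors that are unknown, that send to an unapproved out-port, or that use a non-default other-egress-out setting. The function names, the APPROVED baseline and the mir20 and mir1 sample rows are assumptions constructed for illustration.

```python
# Added example (not vendor code). Assumes whitespace-separated columns with no
# empty fields, as in the sample output on this page; SAMPLE/APPROVED are constructed.

def expand_ports(spec):
    """Expand a port-list such as '1,2' or '50-52' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_mirror_show(text):
    """Return one dict per mirror, keyed by the header column names."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        if set(line.strip()) <= {"-", " "}:  # dashed separator row
            continue
        fields = line.split()
        if len(fields) != len(header):
            raise ValueError(f"unexpected row: {line!r}")
        rows.append(dict(zip(header, fields)))
    return rows

def audit(rows, approved):
    """approved maps mirror name -> set of permitted out-ports."""
    findings = []
    for r in rows:
        name = r["name"]
        if name not in approved:
            findings.append(f"{name}: mirror not in approved baseline")
            continue
        extra = expand_ports(r["out-port"]) - approved[name]
        if extra:
            findings.append(f"{name}: unapproved out-port(s) {sorted(extra)}")
        if r["other-egress-out"] != "prevent":
            findings.append(f"{name}: other-egress-out is {r['other-egress-out']}")
    return findings
SAMPLE = """\
name  direction   out-port in-port filtering enable other-egress-out nvie-mirror
----  ----------- -------- ------- --------- ------ ---------------- -----------
test  bidirection 20       15      port      yes    prevent          false
mir20 ingress     86       81      port      yes    allow            false
mir1  ingress     15       10      port      yes    prevent          false
"""
APPROVED = {"test": {10}, "mir20": {86}}  # constructed baseline
if __name__ == "__main__":
    print("\n".join(audit(parse_mirror_show(SAMPLE), APPROVED)))
```

With this baseline, the test mirror is reported because its out-port was changed from 10 to 20, mir20 because other-egress-out is set to allow, and mir1 because it is not in the baseline.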
Configuring Multiple Port Mirrors
Netvisor ONE supports the creation of multiple mirrors, depending on the platform used. You can configure up to four mirrors on a switch at a time.
For example:
CLI (network-admin@switch) > mirror-create name rule1 in-port 1,2 out-port 50,53 span-encap over-vlan span-tagging-vlan 50
CLI (network-admin@switch) > mirror-create name rule2 in-port 3,4 out-port 51-53 span-encap over-vlan span-tagging-vlan 50
CLI (network-admin@switch) > mirror-create name rule3 in-port 5,6 out-port 51,52 span-encap over-vlan span-tagging-vlan 50
CLI (network-admin@switch) > mirror-create name rule4 in-port 7,8 out-port 53 span-encap over-vlan span-tagging-vlan 50