Configuring Remote Port Mirroring

Configuring VLAN-based Remote Port Mirroring

Remote port mirroring copies traffic between different switches and the mirrored traffic is carried over a specified VLAN. This functionality is also known as RSPAN.

To configure remote port mirroring over a VLAN, you must first create a mirror instance on the source switch (switch1 in the below CLI). You must also specify over-vlan as encapsulation scheme. For example:

CLI (network-admin@switch1) > mirror-create name mir2 direction ingress in-port 81 out-port 86 other-egress-out allow span-encap over-vlan span-tagging-vlan 200

This command tags all ingress packets on port 81 with VLAN 200 and these packets are sent out on port 86. If VLAN 200 is not configured on switch2, the packets are dropped at port 3. Thus, VLAN 200 must be configured on port 3 and port 10 of switch2 as shown below.

CLI (network-admin@switch2) > vlan-create id 200 scope local ports 3,10

The alternate method is to configure a mirror on switch2 with a VLAN 200 tagging.

For example:

CLI (network-admin@switch2) > mirror-create name mir3 in-port 3 out-port 10 span-encap over-vlan span-tagging-vlan 200

With this configuration, the mirrored packets can be analyzed at port 10 of switch2 by using a packet analyzer tool.

Note: If the path for the mirrored packets to reach the destination include multiple switches, the SPAN tagging VLAN must be configured on all the intermediate switches.