Configuring Port Mirroring
You can create a port mirror and configure the parameters using the mirror-create command.
CLI (network-admin@switch) > mirror-create
mirror-create: Create mirrored ports.
name name-string: Specify a mirror name.
Specify the following options:
direction [ingress|egress|bidirectional]: Specify the direction of the traffic on the source port to be mirrored. Use this option to mirror the traffic that is received on source ports or traffic that leaves source ports, or both. The default direction is ingress.
out-port port-list: Specify one or more outgoing traffic ports.
out-trunk trunk name: Specify the outgoing traffic trunk (link aggregation). The out-trunk option load-balances the outgoing traffic among the trunk ports. You can configure either an out-port or an out-trunk.
in-port port-list: Specify one or more incoming traffic ports. The in-ports can overlap among other mirror instances.
filtering [port|vflow-and-port|vflow-or-port]: Specify the traffic filter policy. With the vflow-and-port policy, a packet is mirrored only if it matches both the vFlow and the in-port of the mirror. With the vflow-or-port policy, a packet is mirrored if it matches either the vFlow or the in-port of the mirror.
enable|disable: Enable or disable the mirror. A mirror, once created, is enabled by default.
other-egress-out [allow|prevent]: Specify whether to allow or prevent switching of other traffic to the out-port. The default is prevent.
span-encap [none|over-ip|over-vlan]: Specify the mirror encapsulation type. Specify over-ip to enable ERSPAN and over-vlan to enable RSPAN. The default is none.
span-local-ip ip-address: Specify the local IPv4 address.
span-remote-ip ip-address: Specify the remote IPv4 address.
span-src-mac mac-address: Specify the source MAC address for the mirror.
span-dst-mac mac-address: Specify the destination MAC address for the mirror.
span-tagging-vlan vlan-id: Specify the mirror SPAN tagging VLAN ID. This VLAN carries the traffic in an RSPAN configuration.
span-tos 0..255: Specify the mirror SPAN Type of Service (ToS) as a value between 0 and 255.
nvie-mirror|no-nvie-mirror: Mark or unmark this mirror as an NVIE mirror, used to mirror traffic to NVIE virtual machines.
Configuring Local SPAN
For Local SPAN, the in-port and out-port are on the same switch. For example:
CLI (network-admin@switch) > mirror-create name mirror1 direction ingress in-port 10 out-port 15
Netvisor ONE defines a mirror configuration, but does not add any traffic into that mirror. A sniffer tool like Wireshark can capture and analyze the mirrored traffic at the destination port. You can modify a mirror configuration by using the mirror-modify command. To view the details of a mirror configuration, use the mirror-show command.
For example:
CLI (network-admin@switch) > mirror-create name mirror2 direction bidirection out-port 10 in-port 15
The details of the mirror configured above can be viewed using the command:
CLI (network-admin@switch) > mirror-show layout vertical
name: mirror2
direction: bidirection
out-port: 10
in-port: 15
filtering: port
enable: yes
other-egress-out: prevent
nvie-mirror: false
To modify the above configuration, use the command:
CLI (network-admin@switch) > mirror-modify name mirror2 out-port 20
To view the modified configuration, use the command:
CLI (network-admin@switch) > mirror-show layout vertical
name: mirror2
direction: bidirection
out-port: 20
in-port: 15
filtering: port
enable: yes
other-egress-out: prevent
nvie-mirror: false
Use the following command to modify a configuration and set up mirroring to send traffic from a range of data ports to a destination SPAN port:
CLI (network-admin@switch) > mirror-modify name mirror25 in-port 1-5 out-port 50
To disable the configuration, use the following command:
CLI (network-admin@switch) > mirror-modify name mirror25 in-port 1-5 out-port 50 disable
By default, a port configured as the out-port of a mirror functions only as an egress port for mirrored traffic. The out-port does not allow transit traffic to flow through, which in certain cases can lead to traffic black-holing. To overcome this problem, the out-port can be configured to allow other egress traffic. For example:
CLI (network-admin@switch1) > mirror-create name mirror20 direction ingress in-port 81 out-port 86 other-egress-out allow
Configuring Multiple Port Mirrors
Netvisor ONE supports the creation of multiple mirrors. Up to four unidirectional mirrors can be configured at a time on any platform.
For example:
CLI (network-admin@switch) > mirror-create name rule1 in-port 1,2 out-port 50 span-encap over-vlan span-tagging-vlan 50
CLI (network-admin@switch) > mirror-create name rule2 in-port 3,4 out-port 51 span-encap over-vlan span-tagging-vlan 50
CLI (network-admin@switch) > mirror-create name rule3 in-port 5,6 out-port 52 span-encap over-vlan span-tagging-vlan 50
CLI (network-admin@switch) > mirror-create name rule4 in-port 7,8 out-port 53 span-encap over-vlan span-tagging-vlan 50
Note: All platforms support two bidirectional or four unidirectional mirrors. They also support either an out-port or an out-trunk per mirror.
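Because a mirror copies traffic to another port, the mirror-show layout vertical output shown earlier can be checked against an approved baseline to catch an unexpected mirror or a changed out-port, and against the mirror limit in the note above. The following is an added example, not Netvisor ONE code or vendor tooling. It assumes each record starts at a name: line and that a bidirectional mirror counts as two unidirectional ones; the sample output, the baseline and the finding labels are constructed.

```python
# Constructed sample in the `mirror-show layout vertical` format (fields trimmed).
SAMPLE = """\
name: mirror2
direction: bidirection
out-port: 20
enable: yes
other-egress-out: prevent
name: rule1
direction: ingress
out-port: 50
enable: yes
other-egress-out: prevent
name: mirror20
direction: ingress
out-port: 86
enable: yes
other-egress-out: allow
"""
# Hypothetical approved baseline: mirror name -> out-port as displayed.
APPROVED = {"mirror2": "10", "rule1": "50"}

def parse_mirrors(text):
    """One dict per mirror; assumes each record starts at a 'name:' line."""
    mirrors = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "name":
            mirrors.append({})
        if sep and mirrors:
            mirrors[-1][key.strip()] = value.strip()
    return mirrors

def mirror_units(mirrors):
    """Enabled mirrors in unidirectional units (assumes bidirectional = 2)."""
    return sum(2 if m.get("direction", "").startswith("bidirection") else 1
               for m in mirrors if m.get("enable") == "yes")

def audit(mirrors, approved, budget=4):
    findings = []
    for m in mirrors:
        if m["name"] not in approved:
            findings.append((m["name"], "unapproved"))
        elif m.get("out-port") != approved[m["name"]]:
            findings.append((m["name"], "out-port-drift"))
        if m.get("other-egress-out") == "allow":  # non-default per the page
            findings.append((m["name"], "other-egress-allow"))
    over = [("*", "over-budget")] if mirror_units(mirrors) > budget else []
    return findings + over

print(audit(parse_mirrors(SAMPLE), APPROVED))
```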