set port mirroring

Use this command to create a new mirroring relationship or to enable or disable an existing mirroring relationship between two ports.

Syntax

set port mirroring {create | disable | enable} | igmp-mcast {enable | disable} source destination [both | rx | tx]

Parameters

create | disable | enable Creates, disables or enables mirroring settings on the specified ports.
igmp-mcast enable | disable Enables or disables the mirroring of IGMP multicast frames.
source Specifies the source port designation. This is the port on which the traffic will be monitored. LAGs are not supported as source ports on the 7100-Series platform.
destination Specifies the target port designation. This is the port that will duplicate or “mirror” all the traffic on the monitored port.
both | rx | tx (Optional) Specifies that frames received and transmitted by the source port, only frames received, or only frames transmitted will be mirrored.

Defaults

If not specified, both received and transmitted frames will be mirrored.

Mode

All command modes.

Usage

A port mirror is automatically enabled when created.

On the S-Series, an IDS mirror is a one-to-many port mirror that has been designed for use with an Intrusion Detection System. Ten destination ports must be reserved for an IDS mirror.

On the K-Series, an IDS mirror is a one-to-many port mirror that has been designed for use with an Intrusion Detection System. Ten destination ports must be reserved for an IDS mirror. The K-Series hardware does not support tx port mirror sources to IDS.

To mirror VLAN traffic to a port, you must first create a VLAN MIB-2 interface to use for the SMON MIB using the set vlan interface create command. The resulting port is a VTAP (vtap.0.vlan-id). Use the show port vtap.0.vlan-id command to display the VTAP port. To create the port mirror use the set port mirroring create command specifying the VTAP and the mirrored port.

Mirroring egress traffic on the 7100-Series platforsm results in the mirrored traffic always having an 802.1Q VLAN tag. The VLAN and priority values are those that were used for transmission of the original packet.

Examples

This S- and K-Series example shows how to enable port mirroring of transmitted and received frames with ge.1.4 as the source port and ge.1.11 as the target (destination) port:

System(rw)->set port mirroring enable ge.1.4 ge.1.11 both

The following example command sequence creates a port mirror for all VLAN 1 traffic, both inbound and outbound on port ge.1.4, by creating the VLAN MIB-2 interface and setting the mirrored port:

System(rw)->set vlan interface 1 create
System(rw)->set port mirroring create vtap.0.1 ge.1.4 both