You can configure an ICL port mirroring in a multi-tenant architecture.
efa tenant epg create --name <epg-name> --tenant <tenant-name>
--type port-profile
--po <mirror-source-po-list>
--pp-ipv6-acl-in <acl-name>
--pp-ip-acl-in <acl-name> --pp-ip-acl-out <acl-name>
efa tenant service mirror session create –name <session-name> --tenant <tenant-name>
--source {<device-ip>,<eth | po | vlan>,<if-name>}
--type {<source-device-ip>,<eth | po | vlan>,<source-if-name>:<port-based | flow-based>}
--destination-type {<source-device-ip>,< eth | po | vlan>,<source-if-name>:<span>}
--destination {<source-device-ip>,<eth | po | vlan>,<source-if-name> :
<destination-device-ip>,<eth | po | vlan>,<destination-if-name}
--direction {<source-device-ip>,< eth | po | vlan>,<source-if-name> : <tx | rx | both>}
(efa:root)root@node-2:~# efa tenant show
+-------+------+------+------+------+------+-------+----------------------------+-------------------+
|Name | Type | VLAN | L2VNI|L3VNI | VRF |Enable | Ports | Mirroring Ports |
| | | Range| Range|Range | Count|BD | | |
+-------+------+------+------+------+------+-------+----------------------------+-------------------+
|shared |Shared| | | | 0 |false |10.20.246.15[0/46-47] |10.20.246.15[0/31] |
|Tenant | | | | | | |10.20.246.16[0/46-47] |10.20.246.16[0/31] |
| | | | | | | |10.20.246.21[0/9-10,0/46-48]|10.20.246.21[0/31] |
| | | | | | | |10.20.246.22[0/9-10,0/46-48]|10.20.246.22[0/31] |
| | | | | | | | |10.20.246.25[0/31] |
| | | | | | | | |10.20.246.26[0/31] |
+-------+------+------+------+------+------+-------+----------------------------+-------------------+
(efa:root)root@node 2:~# efa tenant po show
+-------+------+--+------+---+-----------+--------+-------+----------------+-----------+------------+-----------+
| Name |Tenant|ID|Speed |MTU|Negotiation|Min Link| Lacp | Ports | State | Dev State | App State |
| | | | | | |Count |Timeout| | | | |
+-------+------+--+------+---+-----------+--------+-------+----------------+-----------+------------+-----------+
|ten1po1|ten1 |64|10Gbps| | active | 1 | long |10.20.246.15 |po-created |provisioned |cfg-in-sync|
| | | | | | | | |[0/46-47] | | | |
| | | | | | | | |10.20.246.16 | | | |
| | | | | | | | |[0/46-47] | | | |
+-------+------+--+------+---+-----------+--------+-------+----------------+-----------+------------+-----------+
|ten2po1|ten2 |64|10Gbps| | active | 1 | long |10.20.246.21 |po-created |provisioned |cfg-in-sync|
| | | | | | | | |0/9-10,0/46-48] | | | |
| | | | | | | | |10.20.246.22| | | | |
| | | | | | | | |[0/9-10,0/46-48]| | | |
+-------+------+--+------+---+-----------+--------+-------+----------------+-----------+------------+-----------+
efa tenant epg create –name ten1epg1 –tenant ten1 --type port-profile --po ten1po1 --pp-ipv6-acl-in ext-ipv6-permit-any-mirror-acl efa tenant service mirror session create –name mirrorsession1 --tenant ten1 --source 10.20.246.15,po,ten1po1 --type 10.20.246.15,po,ten1po1:port-based --destination 10.20.246.15,po,ten1po1:10.20.246.15,eth,0/31 --destination-type 10.20.246.15,po,ten1po1:span --direction 10.20.246.15,po,ten1po1:tx efa tenant service mirror session create –name mirrorsession2 --tenant ten1 --source 10.20.246.15,po,ten1po1 --type 10.20.246.15,po,ten1po1:flow-based --destination 10.20.246.15,po,ten1po1:10.20.246.15,eth,0/31 --destination-type 10.20.246.15,po,ten1po1:span --direction 10.20.246.15,po,ten1po1:rx |
efa tenant epg create –name ten1epg2 –tenant ten1 --type port-profile --po ten1po2 --pp-ipv6-acl-in ext-ipv6-permit-any-mirror-acl efa tenant service mirror session create –name mirrorsession3 --tenant ten1 --source 10.20.246.21,po,ten1po2 --type 10.20.246.21,po,ten1po2:port-based --destination 10.20.246.21,po,ten1po2:10.20.246.21,eth,0/31 --destination-type 10.20.246.21,po,ten1po2:span --direction 10.20.246.21,po,ten1po2:tx efa tenant service mirror session create –name mirrorsession4 --tenant ten1 --source 10.20.246.21,po,ten1po2 --type 10.20.246.21,po,ten1po2:flow-based --destination 10.20.246.21,po,ten1po2:10.20.246.21,eth,0/31 --destination-type 10.20.246.21,po,ten1po2:span --direction 10.20.246.21,po,ten1po2:rx |
10.20.246.15SLX# show running-config ipv6 access-list ipv6 access-list extended ext-ipv6-permit-any-mirror-acl seq 10 permit ipv6 any any mirror ! SLX# SLX# show running-config int po 64 interface Port-channel 64 mtu 9216 description MCTPeerInterface ip address 10.20.20.3/31 ipv6 access-group ext-ipv6-permit-any-mirror-acl in no shutdown ! SLX# |
10.20.246.16SLX# show running-config ipv6 access-list ipv6 access-list extended ext-ipv6-permit-any-mirror-acl seq 10 permit ipv6 any any mirror ! SLX# SLX# show running-config int po 64 interface Port-channel 64 mtu 9216 description MCTPeerInterface ip address 10.20.20.2/31 ipv6 access-group ext-ipv6-permit-any-mirror-acl in no shutdown ! SLX# |
10.20.246.21SLX# show running-config ipv6 access-list ipv6 access-list extended ext-ipv6-permit-any-mirror-acl seq 10 permit ipv6 any any mirror ! SLX# SLX# show running-config int po 64 interface Port-channel 64 mtu 9216 description MCTPeerInterface ip address 10.20.20.3/31 ipv6 access-group ext-ipv6-permit-any-mirror-acl in no shutdown ! SLX# |
10.20.246.22SLX# show running-config ipv6 access-list ipv6 access-list extended ext-ipv6-permit-any-mirror-acl seq 10 permit ipv6 any any mirror ! SLX# SLX# show running-config int po 64 interface Port-channel 64 mtu 9216 description MCTPeerInterface ip address 10.20.20.2/31 ipv6 access-group ext-ipv6-permit-any-mirror-acl in no shutdown ! SLX# |
10.20.246.15SLX# show running-config monitor session monitor session 1 source port-channel 64 destination ethernet 0/31 direction tx ! monitor session 2 source port-channel 64 destination ethernet 0/31 direction rx flow-based ! SLX# show monitor session 1 Session : 1 Type : SPAN Description : [None] State : Enabled Source Interface : Po 64 (Up) Destination Interface : Eth 0/31 (Down) Direction : Tx Type : port-based SLX# show monitor session 2 Session : 2 Type : SPAN Description : [None] State : Enabled Source Interface : Po 64 (Up) Destination Interface : Eth 0/31 (Down) Direction : Rx Type : flow-based |
10.20.246.21SLX# show running-config monitor session monitor session 1 source port-channel 64 destination ethernet 0/31 direction tx ! monitor session 2 source port-channel 64 destination ethernet 0/31 direction rx flow-based ! SLX# show monitor session 1 Session : 1 Type : SPAN Description : [None] State : Enabled Source Interface : Po 64 (Up) Destination Interface : Eth 0/31 (Down) Direction : Tx Type : port-based SLX# show monitor session 2 Session : 2 Type : SPAN Description : [None] State : Enabled Source Interface : Po 64 (Up) Destination Interface : Eth 0/31 (Down) Direction : Rx Type : flow-based |