You can configure VLAN-based mirroring in a multi-tenant architecture.
efa tenant epg create --name <epg-name> --tenant <tenant-name> --switchport --switchport-mode trunk –ctag-range <ctag-range> --port <mirror-source-port-list> --po <mirror-source-po-list> --pp-mac-acl-in <acl-name> --pp-mac-acl-out <acl-name> --pp-ip-acl-in <acl-name> --pp-ip-acl-out <acl-name> --np-mac-acl-in <ctag:acl-name> --np-mac-acl-out <ctag:acl-name> --np-ip-acl-in <ctag:acl-name> --np-ip-acl-out <ctag:acl-name>
efa tenant service mirror session create –name <session-name> --tenant <tenant-name> --source {<device-ip>,<eth | po | vlan>,<if-name>} --type {<source-device-ip>,<eth | po | vlan>,<source-if-name>:<port-based | flow-based>} --destination {<source-device-ip>,<eth | po | vlan>,<source-if-name> : <destination-device-ip>,<eth | po | vlan>,<destination-if-name} --destination-type {<source-device-ip>,< eth | po | vlan>,<source-if-name>:<span>} --direction {<source-device-ip>,< eth | po | vlan>,<source-if-name> : <tx | rx | both>} (efa:root)root@node-2:~# efa tenant show +-------+-------+------+------+------+------+------+---------------------+------------------+ |Name | Type | VLAN | L2VNI| L3VNI| VRF |Enable| Ports | Mirroring Ports | | | | Range| Range| Range| Count|BD | | | +-------+-------+------+------+------+------+------+---------------------+------------------+ |shared |Shared | | | | 0 |false | |10.20.246.16[0/31]| |Tenant | | | | | | | |10.20.246.21[0/31]| | | | | | | | | |10.20.246.22[0/31]| | | | | | | | | |10.20.246.25[0/31]| | | | | | | | | |10.20.246.26[0/31]| +-------+-------+------+------+------+------+------+---------------------+------------------+ | ten1 |private| 11-20| | | 10 |false |10.20.246.15[0/1-10] | | | | | | | | | |10.20.246.16[0/1-10] | | | | | | | | | |10.20.246.21[0/1-10] | | | | | | | | | |10.20.246.22[0/1-10] | | +-------+-------+------+------+------+------+------+---------------------+------------------+ | ten2 |private| 21-30| | | 10 |false |10.20.246.15[0/11-20]| | | | | | | | | |10.20.246.16[0/11-20]| | | | | | | | | |10.20.246.21[0/11-20]| | | | | | | | | |10.20.246.22[0/11-20]| | +-------+-------+------+------+------+------+------+---------------------+------------------+ (efa:root)root@node 2:~# efa tenant po show +--------+-------+-----------+-----+-----------+----------+-------+-------------------+-----------+-------------+-------------+ | Name |Tenant |ID | Speed | MTU |Negotiation| Min Link | Lacp | Ports | State | Dev State | App State | | | | | | | | Count |Timeout| | | | | +--------+-------+-----------+-----+-----------+----------+-------+-------------------+-----------+-------------+-------------+ |ten1po1 |ten1 | 2 | 10Gbps| | active | 1 | long | 10.20.246.15[0/1] | po-created| provisioned | cfg-in-sync | | | | | | | | | | 10.20.246.16[0/1] | | | | +--------+-------+-----------+-----+-----------+----------+-------+-------------------+-----------+-------------+-------------+ |ten2po1 |ten2 | 3 | 10Gbps| | active | 1 | long | 10.20.246.15[0/11]| po-created| provisioned | cfg-in-sync | | | | | | | | | | 10.20.246.16[0/11]| | | | +--------+-------+-----------+-----+-----------+----------+-------+-------------------+-----------+-------------+-------------+ |ten1po2 |ten1 | 2 | 10Gbps| | active | 1 | long | 10.20.246.21[0/1] | po-created| provisioned | cfg-in-sync | | | | | | | | | | 10.20.246.22[0/1] | | | | +--------+-------+-----------+-----+-----------+----------+-------+-------------------+-----------+-------------+-------------+ |ten2po2 |ten2 | 3 | 10Gbps| | active | 1 | long | 10.20.246.21[0/11]| po-created| provisioned | cfg-in-sync | | | | | | | | | | 10.20.246.22[0/11]| | | | +--------+-------+---+-------+-----+-----------+----------+-------+-------------------+-----------+-------------+-------------+
efa tenant epg create –name ten1epg1 –tenant ten1 --switchport-mode trunk --po ten1po1,ten1po2 --ctag-range 11 --np-mac-acl-in 11:ext-mac-permit-any-mirror-acl --np-mac-acl-out 11:ext-mac-permit-any-mirror-acl efa tenant service mirror session create –name ten1mirrorsession1 --tenant ten1 --source vlan,11 --type vlan,11:flow-based --destination-type vlan,11:span --destination vlan,11:10.20.246.15,eth,0/31 --direction vlan,11:both |
efa tenant epg create –name ten2epg1 –tenant ten2 --switchport-mode trunk --po ten2po1,ten2po2 --ctag-range 21 --np-mac-acl-in 21:ext-mac-permit-any-mirror-acl --np-mac-acl-out 21:ext-mac-permit-any-mirror-acl efa tenant service mirror session create –name ten2mirrorsession1 --tenant ten2 --source vlan,21 --type vlan,21:flow-based --destination-type vlan,21:span --destination vlan,21:10.20.246.16,eth,0/31 --direction vlan,21:both |
10.20.246.15SLX# show running-config mac access-list mac access-list extended ext-mac-permit-any-mirror-acl seq 10 permit any any mirror ! SLX# SLX# show running-config vlan 11,21 vlan 11 description Tenant L2 Extended VLAN mac access-group ext-mac-permit-any-mirror-acl in mac access-group ext-mac-permit-any-mirror-acl out ! vlan 21 description Tenant L2 Extended VLAN mac access-group ext-mac-permit-any-mirror-acl in mac access-group ext-mac-permit-any-mirror-acl out ! SLX# |
10.20.246.16SLX# show running-config mac access-list mac access-list extended ext-mac-permit-any-mirror-acl seq 10 permit any any mirror ! SLX# SLX# show running-config vlan 11,21 vlan 11 description Tenant L2 Extended VLAN mac access-group ext-mac-permit-any-mirror-acl in mac access-group ext-mac-permit-any-mirror-acl out ! vlan 21 description Tenant L2 Extended VLAN mac access-group ext-mac-permit-any-mirror-acl in mac access-group ext-mac-permit-any-mirror-acl out ! SLX# |
10.20.246.21SLX# show running-config mac access-list mac access-list extended ext-mac-permit-any-mirror-acl seq 10 permit any any mirror ! SLX# SLX# show running-config vlan 11,21 vlan 11 description Tenant L2 Extended VLAN mac access-group ext-mac-permit-any-mirror-acl in mac access-group ext-mac-permit-any-mirror-acl out ! vlan 21 description Tenant L2 Extended VLAN mac access-group ext-mac-permit-any-mirror-acl in mac access-group ext-mac-permit-any-mirror-acl out ! SLX# |
10.20.246.22SLX# show running-config mac access-list mac access-list extended ext-mac-permit-any-mirror-acl seq 10 permit any any mirror ! SLX# SLX# show running-config vlan 11,21 vlan 11 description Tenant L2 Extended VLAN mac access-group ext-mac-permit-any-mirror-acl in mac access-group ext-mac-permit-any-mirror-acl out ! vlan 21 description Tenant L2 Extended VLAN mac access-group ext-mac-permit-any-mirror-acl in mac access-group ext-mac-permit-any-mirror-acl out ! SLX# |
10.20.246.15-16SLX# show running-config monitor session monitor session 1 source vlan 11 destination ethernet 0/31 direction both flow-based ! monitor session 2 source vlan 21 destination ethernet 0/31 direction both flow-based !SLX# SLX# show monitor session 1 Session : 1 Type : SPAN Description : [None] State : Enabled Source Interface : Vlan 11 Destination Interface : Eth 0/31 (Down) Direction : Both Type : flow-based SLX# show monitor session 2 Session : 2 Type : SPAN Description : [None] State : Enabled Source Interface : Vlan 21 Destination Interface : Eth 0/31 (Down) Direction : Both Type : flow-based SLX# |
10.20.246.21-22SLX# show running-config monitor session monitor session 1 source vlan 11 destination ethernet 0/31 direction both flow-based ! monitor session 2 source vlan 21 destination ethernet 0/31 direction both flow-based !SLX #SLX# show monitor session 1 Session : 1 Type : SPAN Description : [None] State : Enabled Source Interface : Vlan 11 Destination Interface : Eth 0/31 (Down) Direction : Both Type : flow-based SLX# show monitor session 2 Session : 2 Type : SPAN Description : [None] State : Enabled Source Interface : Vlan 21 Destination Interface : Eth 0/31 (Down) Direction : Both Type : flow-based SLX# |