Port Mirroring Considerations and Restrictions

Although you can configure the switch to monitor both ingress and egress traffic, some restrictions apply:

• The software does not support true egress mirroring because packets are mirrored prior to the completion of packet processing, so egress mirrored packets can differ from the packets egressing the port.

  

  Note

  To mirror the egress traffic, you can use the NEXT-hop device ingress mirroring to capture the egress packets of the switch.

• Mirrored traffic shares ingress queue and fabric bandwidth with normal traffic and therefore can impact normal traffic. Therefore, use these features with this potential consequence in mind and enable them only for troubleshooting, debugging, or for security purposes such as packet sniffing, intrusion detection, or intrusion prevention.

• You can configure as many ingress mirroring flows as you have filters.

• To avoid VLAN members from seeing mirrored traffic, you must remove mirroring (destination) ports from all VLANs.

• The MAC drops an error packet, for example, packets that are too short or too long. Control packets consumed by the MAC (802.3x flow control) are also not mirrored.

• Certain control packets generated by the CP cannot be egress mirrored, such as those in the following list:

  • BPDU

  • EAPoL

  • IP Directed Broadcast

  • LACP

  • LLDP

  • Multicast routed packets

  • NAAP

  • NLB

  • Nodal CFM

  • TDP

  • VLACP

• The system displays ingress multicast packets in egress mirroring.

• Incoming traffic that does not contain a VLAN tag is not mirrored into an I-SID if the offset ID is in the range 2 to 1000. It is mirrored to an I-SID only if the offset ID is 1.

• The original CVLAN tag on the mirrored packet is preserved for only one mirrored I-SID if the offset ID is 1. The original CVLAN tag is not preserved in a mirrored packet for all other remaining mirrored I-SIDs if the offset ID is in the range 2 to 1000.

Port Mirroring Resources

Port mirroring resources are limited to four ports simultaneously (where each mirroring direction counts as one). For example, if two mirroring ports are designated to mirror both ingress and egress traffic then all four mirroring ports are consumed.

Port mirroring shares these four resources with other applications such as port mirroring RSPAN, Fabric Extend, Application Telemetry, IPFIX, and ACL with mirror action. Each one of these applications consumes at least one port mirroring resource. (port mirroring RSPAN consumes two if you configure both Ingress and Egress modes.)

Important

To enable any one of the preceding applications, you must have at least one free mirroring resource. If all four port mirroring resources are already in use, the switch displays a Resource not available error message when you try to enable the application.

If you receive a Resource not available error message, you can use the show mirror-resources command to view information about mirror resource usage. For more information, see Displaying Mirror Resource Usage.