Configuring Port Mirroring
Use port mirroring to aid in diagnostic and security operations.
About this task
Use port mirroring to make a copy of a traffic flow and send that copy to a device for analysis, for example, for diagnostic sniffing. Use the mirror to see the packets in the flow without breaking into the physical connection to place a packet onto the sniffer inline. You can also use port mirroring for security. You can send flows to inspection engines for post processing.
Connect the sniffer (or other traffic analyzer) to the output port you specify in this procedure.
Procedure
Example
Port mirroring configuration:
Switch:1> enable Switch:1# configure terminal
Create the port mirroring instance:
Switch:1(config)# mirror-by-port 8 in-port 1/15 out-port 1/1
The analyzer connects to port 1/1.
Disable the entry:
Switch:1(config)# no mirror-by-port 8 enable
Mirror both ingress and egress traffic passing through port 1/16:
Switch:1(config)# mirror-by-port 8 mode both
Enable mirroring for the instance:
Switch:1(config)# mirror-by-port 8 enable
Fabric RSPAN configuration:
Switch:1> enable Switch:1# configure terminal
Create the Fabric RSPAN mirroring instance:
Switch:1(config)#mirror-by-port 3 in-port 1/3 monitor-isid-offset 3 mode both qos 3
Disable the entry:
Switch:1(config)# no mirror-by-port 3 enable
Mirror the egress traffic passing through port 1/3:
Switch:1(config)# mirror-by-port 3 mode tx
Enable Fabric RSPAN for the instance:
Switch:1(config)# mirror-by-port 3 enable
The sample command output in the following example does not necessarily reflect the preceding examples.
Switch:1>enable Switch:1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch:1(config)#show mirror-by-port ============================================================================= Diag Mirror-By-Port ============================================================================= ID MIRRORED_PORT MIRRORING_DEST ENABLE MODE REMOTE-MIRROR DSCP TTL VLAN-ID ------------------------------------------------------------------------------ 1 1/1 2/1 true both 0 0 64 2 1/2 2/2 true rx 0 0 64 3 1/3 2/3 true tx 0 0 64 4 1/4 2/4 true both 0 0 64
Variable Definitions
The following table defines parameters for the mirror-by-port command.
Variable |
Value |
---|---|
<1-479> |
Specifies the entry ID. |
enable |
Enables or disables a mirroring instance already created in the mirror-by-port table. |
in-port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}{|monitor-mlt <1-512> |out-port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} |
Creates a new mirror-by-port table entry.
|
mirror-port <1-479> {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} |
Modifies the mirrored port. Before you can modify an existing entry, you must disable the entry: no mirror-by-port <1-479> enable. |
monitor-ip <1-479> {A.B.C.D} [dscp <0-63>] [ttl <2-255>] |
Creates a mirroring instance for Layer 3 mirroring. The destination must be an IP address {A.B.C.D}. The default DSCP is 0 and the default TTL is 255. |
monitor-mlt <1-479> <1-512> |
Modifies the monitoring MLT.<1-512> specifies the mirroring MLT ID. Before you can modify an existing entry, you must disable the entry: no mirror-by-port <1-479> enable. |
monitor-port <1-479> {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} |
Modifies the monitoring ports. Before you can modify an existing entry, you must disable the entry: no mirror-by-port <1-479> enable. |
monitor-vlan <1-479> <1-4059> |
Modifies the monitoring VLAN. Before you can modify an existing entry, you must disable the entry: no mirror-by-port <1-479> enable. Specifies the VLAN ID in the range of 1 to 4059. By default, VLAN IDs 1 to 4059 are configurable and the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1. |
mode <both|rx|tx> |
Configures the mirroring mode. The default is rx.
|
monitor-isid-offset <1-1000> |
Specifies the offset ID that is mapped to the actual monitor I-SID where packets are mirrored. Monitor I-SID = base monitor I-SID + offset ID. The base monitor I-SID is 16776000. |
qos <0-5> |
Specifies the Quality of Service (QoS) profiles for the system. Monitoring I-SID supports six different QoS levels, each QoS level can be configured individually. Default value is 1. |