Configuring Flow based SPAN

Configuring Flow Based Mirroring requires you to create ACLs that define the rules for the actions that will be performed on the targetted traffic. Multiple ACLs can be created and applied on the target interface. The following limitations apply:

• The following are allowed as source ports, Physical Ethernet, Port Channel, VLAN, or Virtual Ethernet.

• The following are allowed as destination ports, Physical Ethernet or Port Channel.

• You must create your ACLs and apply them to the source ports for mirroring.

• Disable protocols on the destination interfaces.

1. Access global configuration mode.
   

   SLX# configure terminal

2. (If necessary) Disable protocols on the destination interface.
   This example disables LLDP on the destination interface (eth 0/2).
   1. Enter interface configuration mode.
      

      SLX (config)# interface ethernet 0/2

   2. Disable LLDP.
      

      SLX (conf-if-eth-0/2)# lldp disable

   3. Exit interface configuration mode.
      

      SLX (conf-if-eth-0/2)# exit

3. Create an ACL to configure the action to be performed on a traffic type.
   

   SLX (config)#ip access-list extended mirror-my-port
   SLX (config-ipacl-ext)# 

4. Add the appropriate rules using the seq command. Create as many rules as required. This rule configures mirroring of traffic from 10.10.10.1 in any direction.
   

   SLX (config-ipacl-ext)#seq 5 permit ip host 10.10.10.1 any count mirror                    

5. Exit out of the ACL configuration.
   

   SLX (config-ipacl-ext)# exit
   SLX (config)#                    

6. Apply the ACL to the source interface.
   

   SLX (config)# interface ethernet 0/1
   SLX (config-eth-0/1)# ip access-group mirror-my-port in 
   SLX (config-eth-0/1)# ip access-group mirror-my-port out                    

7. Enter into the Monitor Session mode to configure the mirroring.
   

   SLX (config)# monitor session 25
   SLX (config-session-25)# source ethernet 0/1 destination ethernet 0/3 direction both flow-based

This configures the mirroring of the bi-directional traffic from ports 0/1 to 0/3.

Example

This example summarizes the above configuration

SLX # configure terminal
SLX (config)# interface ethernet 0/3
SLX (conf-if-eth-0/3)# lldp disable
SLX (conf-if-eth-0/3)# exit
SLX (config)#ip access-list extended mirror-my-port
SLX (config-ipacl-ext)#
SLX (config-ipacl-ext)#seq 5 permit ip host 10.10.10.1 any count mirror 
SLX (config-ipacl-ext)# exit
SLX (config)# interface ethernet 0/1
SLX (config-eth-0/1)# ip access-group mirror-my-port in 
SLX (config-eth-0/1)# ip access-group mirror-my-port out 
SLX (config-eth-0/1)# exit
SLX (config)# monitor session 25
SLX (config-session-25)# source ethernet 0/1 destination ethernet 0/3 direction both flow-based
SLX (config-session-25)# exit

This examples show a configuration for Flow Based Mirroring from a Port Channel port to an Ethernet port.

SLX (config)# monitor session 26
SLX (config-session-26)# source port-channel 1 destination ethernet 0/3 direction rx flow-based

This example shows a configuration for Flow Based Mirroring from an Ethernet port to a Port Channel port.

SLX (config)# monitor session 27
SLX (config-session-27)# source ethernet 0/1 destination port-channel 3 direction tx flow-based

This example shows a configuration for Flow Based Mirroring from a VE to an Ethernet port.

SLX (config)# monitor session 28
SLX (config-session-28)# source ve 1 destination ethernet 0/3 direction both flow-based            

This example show a configuration for Flow Based Mirroring from a VLAN to an Ethernet port.

SLX (config)# monitor session 29
SLX (config-session-29)# source vlan 100 destination ethernet 0/3 direction tx flow-based