Configuration Guide Vol. 2


19.2.2 Configuring Policy-Based Mirroring

The frames to be mirrored by policy-based mirroring, and the destination interface list to which those frames are mirrored, are specified in an access list. The mirror port itself is configured in the destination interface list.

To use policy-based mirroring, set the flow detection mode on the receiving side to a mode that supports policy-based mirroring.

(1) Mirroring One Monitor Port to One Mirror Port

The following shows an example of mirroring a single monitor port to a single mirror port. In this example, the analyzer is connected to Ethernet interface 1/0/10.

Points to note

Configure the mirror port in a destination interface list. On the monitor port, apply as policy-based mirroring an access list whose action specifies that destination interface list.

Command examples

  1. (config)# destination-interface-list MIRROR-LIST-A mode mirror

    (config-dest-mirror)# destination session 1 interface gigabitethernet 1/0/10

    (config-dest-mirror)# exit

    Sets Ethernet interface 1/0/10 as the mirror port in the destination interface list (MIRROR-LIST-A).

  2. (config)# mac access-list extended MIRROR-A

    (config-ext-macl)# permit any any vlan 100 action policy-mirror-list MIRROR-LIST-A

    (config-ext-macl)# exit

    Creates a MAC access list (MIRROR-A) and configures the destination interface list (MIRROR-LIST-A) for VLAN 100 packets.

  3. (config)# interface gigabitethernet 1/0/1

    (config-if)# mac access-group MIRROR-A in-mirror

    (config-if)# exit

    Applies the MAC access list (MIRROR-A) as policy-based mirroring to the receiving side of Ethernet interface 1/0/1.

(2) Mirroring Multiple Monitor Ports

The following shows an example of mirroring from multiple monitor ports. In this example, the analyzer is connected to Ethernet interface 1/0/10.

Points to note

Apply the access list whose action specifies the destination interface list to each of the monitor ports as policy-based mirroring.

Command examples

  1. (config)# destination-interface-list MIRROR-LIST-B mode mirror

    (config-dest-mirror)# destination session 1 interface gigabitethernet 1/0/10

    (config-dest-mirror)# exit

    Sets Ethernet interface 1/0/10 as the mirror port in the destination interface list (MIRROR-LIST-B).

  2. (config)# ip access-list extended MIRROR-B

    (config-ext-nacl)# permit udp any any action policy-mirror-list MIRROR-LIST-B

    (config-ext-nacl)# exit

    Creates an IPv4 access list (MIRROR-B) and sets the destination interface list (MIRROR-LIST-B) for IPv4 UDP packets.

  3. (config)# interface gigabitethernet 1/0/1

    (config-if)# ip access-group MIRROR-B in-mirror

    (config-if)# exit

    (config)# interface gigabitethernet 1/0/2

    (config-if)# ip access-group MIRROR-B in-mirror

    (config-if)# exit

    (config)# interface gigabitethernet 1/0/3

    (config-if)# ip access-group MIRROR-B in-mirror

    (config-if)# exit

    Applies the IPv4 access list (MIRROR-B) as policy-based mirroring to the receiving side of Ethernet interfaces 1/0/1, 1/0/2, and 1/0/3.