20.1.2 Policy-Based Mirroring Behavior Specifications
(1) Basic Specifications
For traffic monitoring and analysis, configure the port to which the analyzer is connected as the mirror port. The mirror port is a port dedicated to mirroring.
A combination of monitor ports and mirror ports is called a monitor session. You can configure multiple monitor sessions on the Switch. In addition, frames received on the monitor port can be sent to different mirror ports.
Monitor and mirror ports can be used in any of the following combinations:
- 1 monitor port to 1 mirror port
- Multiple monitor ports to multiple mirror ports
You can configure ports of different speeds as the monitor and mirror ports. Because mirrored frames are sent within the line bandwidth of the mirror port, frames that exceed the line bandwidth are discarded.
(2) Monitor port
You configure policy-based mirroring monitor ports with access lists that identify the flows that you want to target. When configuring the monitor port, set the flow detection mode on the receiving side to a mode that supports policy-based mirroring.
Apply an access list whose action specifies the destination interface list for policy-based mirroring to an interface; that interface is then used as the monitor port. The following table describes the configuration command parameters that are specified when an access list is applied to an interface.
| Mirroring direction | Parameter |
|---|---|
| Receiving-side | in-mirror |
For details about the target interface, flow detection conditions, precautions, and other information, see "1 Filter".
(3) Mirror port
You configure mirror ports for policy-based mirroring in the destination interface list.
Multiple mirror ports can be set in the destination interface list. If multiple mirror ports are configured, mirroring is performed on all the configured mirror ports simultaneously. Only physical interfaces can be configured as mirror ports.
The following list describes the functions of the mirror port.
- The VLAN function and the Layer 3 communication function cannot be used. For this reason, functions that assume VLAN functionality, such as Spanning Tree Protocols, Ring Protocol, and IGMP snooping/MLD snooping, and functions that assume Layer 3 communication functionality, such as SNMP and DHCP, cannot be used.
- When the function to send control frames to the mirror port is set, control frames for the set functions are sent to the mirror port in addition to mirroring frames.
- If you configure a sending-side filter for a mirror port, mirroring frames are also filtered. Therefore, if you configure discarding in the filter, the mirroring frames are discarded on the mirror port.
- Mirroring frames are also sent when a mirror port is configured on a port that is used as an uplink port for uplink redundant and is in the standby port state.
- Mirroring frames are also sent when a mirror port is configured on a port that is in the standby link state in the link aggregation non-link down mode.
(4) Mirroring received frames
- Of the frames received on the monitor port, frames that match a flow in the access list for which policy-based mirroring is specified are subject to mirroring. However, frames that are discarded as error frames on the Ethernet interface when they are received are not mirrored.
- Frames that the monitor port discards because of the reception filter set for the monitor port, bandwidth monitoring for QoS, or storm control are not forwarded, but they are mirrored.
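The following Python sketch is an added illustration, not the Switch's implementation or its configuration syntax. It applies the rules in (1), (3) and (4) to constructed frames to show what the analyzer on each mirror port actually receives. The flow labels, the per-interval byte budget standing in for the mirror port's line bandwidth, and all class and function names are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Frame:
    flow: str                   # label standing in for the access-list flow conditions
    size: int                   # frame length in bytes
    rx_error: bool = False      # discarded as an error frame on the Ethernet interface
    ingress_drop: bool = False  # dropped by receive filter, QoS bandwidth monitoring or storm control

@dataclass
class MirrorPort:
    name: str
    budget: int                           # bytes the line carries per interval (assumed model)
    egress_deny: frozenset = frozenset()  # flows discarded by a sending-side filter on this port
    used: int = 0

def mirror(frames, mirrored_flows, mirror_ports):
    """Return (forwarded, seen); seen[name] lists the frames the analyzer on that port receives."""
    forwarded, seen = [], {p.name: [] for p in mirror_ports}
    for f in frames:
        if f.rx_error:
            continue                      # error frames are neither forwarded nor mirrored
        if not f.ingress_drop:
            forwarded.append(f)
        if f.flow not in mirrored_flows:
            continue                      # no flow match in the mirroring access list
        for p in mirror_ports:            # every port in the destination interface list gets a copy
            if f.flow in p.egress_deny or p.used + f.size > p.budget:
                continue                  # filtered on the mirror port, or over its line bandwidth
            p.used += f.size
            seen[p.name].append(f)
    return forwarded, seen

def demo():
    # Constructed sample traffic received on one monitor port.
    frames = [
        Frame("web", 1000),
        Frame("web", 1000, ingress_drop=True),
        Frame("web", 1000, rx_error=True),
        Frame("dns", 200),
        Frame("ssh", 500),
        Frame("web", 1000),
    ]
    ports = [MirrorPort("A", budget=2500),
             MirrorPort("B", budget=10000, egress_deny=frozenset({"ssh"}))]
    return mirror(frames, {"web", "ssh"}, ports)

if __name__ == "__main__":
    forwarded, seen = demo()
    print(len(forwarded), {k: [f.flow for f in v] for k, v in seen.items()})
```

In this model, port A's capture contains a frame that was never forwarded and lacks the last frame that was, so a capture taken from a mirror port is not a record of delivered traffic.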