Mirroring configuration examples

Local mirroring using traffic-direction criteria

An administrator wants to mirror the inbound traffic from workstation "X" on port A5 and workstation "Y" on port B17 to a traffic analyzer connected to port C24 (see Local mirroring topology). In this case, the administrator chooses "1" as the session number. (Any unused session number from 1 to 4 is valid.) Because the switch provides both the source and destination for the traffic to monitor, local mirroring can be used. In this case, the command sequence is:

  • Configure the local mirroring session, including the exit port.

  • Configure the monitored source interfaces for the session.

Local mirroring topology
Configuring a local mirroring session for all inbound and outbound port traffic

Remote mirroring using a classifier-based policy

In the network shown in the figure below, an administrator has connected a traffic analyzer to port A15 (in VLAN 30) on switch C to monitor the TCP traffic to the server at 10.10.30.153 from workstations connected to switches A and B. Remote mirroring sessions are configured on switches A and B, and a remote mirroring endpoint is configured on switch C. TCP traffic from VLANs 10 and 20 is routed through the network to the server on VLAN 30.

Sample topology in a remote mirroring session

To configure this remote mirroring session using a classifier-based policy to select inbound TCP traffic on two VLAN interfaces, take the following steps:

  1. On remote switch C, configure a remote mirroring endpoint using port A15 as the exit port (as described in Configure a mirroring destination on a remote switch).
    Configuring a remote mirroring endpoint: remote switch and exit port
  2. On source switch A, configure an association between the remote mirroring endpoint on switch C and a mirroring session on switch A (as described in Configure a mirroring session on the source switch).

  3. On switch A, configure a classifier-based mirroring policy to select inbound TCP traffic destined to the server at 10.10.30.153, and apply the policy to the interfaces of VLAN 10 (as described in About selecting inbound traffic using advanced classifier-based mirroring).
    Configuring a classifier-based policy on source switch A
  4. On source switch B, repeat steps 2 and 3:
    1. Configure an association between the remote mirroring endpoint on switch C and a mirroring session on switch B.

    2. Configure a classifier-based mirroring policy to select inbound TCP traffic destined to the server at 10.10.30.153, and apply the policy to a VLAN interface for VLAN 20.

    Because the remote session has mirroring sources on different switches, you can use the same session number (1) for both sessions.
    Configuring a classifier-based policy on source switch B

Remote mirroring using traffic-direction criteria

In the network shown in the figure below, the administrator connects another traffic analyzer to port B10 (in VLAN 40) on switch C to monitor all traffic entering switch A on port C12. For this mirroring configuration, the administrator configures a mirroring destination (with a remote exit port of B10) on switch C, and a remote mirroring session on switch A.

If the mirroring configuration in the preceding example is enabled, it is necessary to use a different session number (2) and UDP port number (9400). (The IP address of the remote exit port [10.10.40.7] connected to traffic analyzer 2 [exit port B10] can belong to a different VLAN than the destination IP address of the VLAN used to reach remote switch C [10.20.40.1].)

Sample topology for remote mirroring from a port interface
To configure this remote mirroring session using direction-based traffic selection on a port interface, the operator must take the following steps:
  1. On remote switch C, configure the remote mirroring endpoint using port B10 as the exit port for a traffic analyzer (as described in Configure a mirroring destination on a remote switch):
    Configuring a remote mirroring endpoint
  2. On source switch A, configure session 2 to use UDP port 9400 to reach the remote mirroring endpoint on switch C (10.10.40.1):

    mirror 2 remote ip 10.10.10.119 9400 10.10.40.1

  3. On source switch A, configure the local port C12 to select all inbound traffic to send to the preconfigured mirroring destination for session 2:

    interface c12 monitor all in mirror 2
    Configuring a remote mirroring session for inbound port traffic
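
Because a mirroring session copies traffic to another device, it is worth auditing what a source switch is configured to mirror and where it sends it. The following Python check is an added example, not part of the original guide or the vendor's tooling: it parses the two command forms shown in steps 2 and 3 and flags session numbers outside 1 to 4, a reused UDP port, sources that point at an undefined session, and destinations outside an allow-list. The `audit` function, the `approved_dsts` allow-list, and the last two sample lines are assumptions made for illustration.

```python
import re

# Command forms as they appear in steps 2 and 3 above. Only "in" appears on the
# page; "out" and "both" are the other direction keywords of the same command.
REMOTE = re.compile(r"^mirror (\d+) remote ip (\S+) (\d+) (\S+)$")
SOURCE = re.compile(r"^interface (\S+) monitor all (in|out|both) mirror (\d+)$")

def audit(config_text, approved_dsts):
    """Parse one source switch's mirroring commands; return (sessions, problems)."""
    sessions, sources, problems = {}, [], []
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()   # tolerate indentation and case
        if m := REMOTE.match(line):
            num, udp, dst = int(m[1]), int(m[3]), m[4]
            if not 1 <= num <= 4:               # page: session numbers run 1 to 4
                problems.append(f"session {num}: number outside 1-4")
            if num in sessions:
                problems.append(f"session {num}: defined more than once")
            if any(s["udp"] == udp for s in sessions.values()):
                problems.append(f"session {num}: UDP port {udp} already in use")
            if dst not in approved_dsts:        # assumption: site keeps an allow-list
                problems.append(f"session {num}: destination {dst} not approved")
            sessions[num] = {"src": m[2], "udp": udp, "dst": dst, "ports": []}
        elif m := SOURCE.match(line):
            sources.append((m[1], m[2], int(m[3])))
    for port, direction, num in sources:        # resolve after all sessions are known
        if num in sessions:
            sessions[num]["ports"].append((port, direction))
        else:
            problems.append(f"port {port}: mirrors to undefined session {num}")
    return sessions, problems

# Constructed sample: the first two lines are the page's commands for switch A;
# the last two are made up to trigger findings.
SAMPLE = """
mirror 2 remote ip 10.10.10.119 9400 10.10.40.1
interface c12 monitor all in mirror 2
mirror 3 remote ip 10.10.10.119 9400 192.0.2.50
interface c13 monitor all in mirror 4
"""

if __name__ == "__main__":
    sessions, problems = audit(SAMPLE, approved_dsts={"10.10.40.1"})
    for num, s in sessions.items():
        print(num, s["dst"], s["udp"], s["ports"])
    print("\n".join(problems))
```

Run it against the mirroring lines extracted from a saved switch configuration, with `approved_dsts` set to the addresses of the remote mirroring endpoints you actually operate.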