Mirroring configuration examples
Local mirroring using traffic-direction criteria
An administrator wants to mirror the inbound traffic from workstation "X" on port A5 and workstation "Y" on port B17 to a traffic analyzer connected to port C24 (see Local mirroring topology). In this case, the administrator chooses "1" as the session number. (Any unused session number from 1 to 4 is valid.) Because the switch provides both the source and destination for the traffic to monitor, local mirroring can be used. In this case, the command sequence is:
Configure the local mirroring session, including the exit port.
Configure the monitored source interfaces for the session.
Remote mirroring using a classifier-based policy
In the network shown in the figure below, an administrator has connected a traffic analyzer to port A15 (in VLAN 30) on switch C to monitor the TCP traffic to the server at 10.10.30.153 from workstations connected to switches A and B. Remote mirroring sessions are configured on switches A and B, and a remote mirroring endpoint on switch C. TCP traffic is routed through the network to the server from VLANs 10 and 20 on VLAN 30.
To configure this remote mirroring session using a classifier-based policy to select inbound TCP traffic on two VLAN interfaces, take the following steps:
1. On remote switch C, configure a remote mirroring endpoint using port A15 as the exit port (as described in Configure a mirroring destination on a remote switch).
2. On source switch A, configure an association between the remote mirroring endpoint on switch C and a mirroring session on switch A (as described in Configure a mirroring session on the source switch).
3. On switch A, configure a classifier-based mirroring policy to select inbound TCP traffic destined to the server at 10.10.30.153, and apply the policy to the interfaces of VLAN 10 (as described in About selecting inbound traffic using advanced classifier-based mirroring).
4. On source switch B, repeat steps 2 and 3:
   - Configure an association between the remote mirroring endpoint on switch C and a mirroring session on switch B.
   - Configure a classifier-based mirroring policy to select inbound TCP traffic destined to the server at 10.10.30.153, and apply the policy to a VLAN interface for VLAN 20.
Remote mirroring using traffic-direction criteria
In the network shown in the figure below, the administrator connects another traffic analyzer to port B10 (in VLAN 40) on switch C to monitor all traffic entering switch A on port C12. For this mirroring configuration, the administrator configures a mirroring destination (with a remote exit port of B10) on switch C, and a remote mirroring session on switch A.
If the mirroring configuration in the preceding example is enabled, it is necessary to use a different session number (2) and UDP port number (9400). (The IP address of the remote exit port [10.10.40.7] connected to traffic analyzer 2 [exit port B10] can belong to a different VLAN than the destination IP address of the VLAN used to reach remote switch C [10.20.40.1].)
1. On remote switch C, configure the remote mirroring endpoint using port B10 as the exit port for a traffic analyzer (as described in Configure a mirroring destination on a remote switch):
2. On source switch A, configure session 2 to use UDP port 9400 to reach the remote mirroring endpoint on switch C (10.10.40.1):
   mirror 2 remote ip 10.10.10.119 9400 10.10.40.1
3. On source switch A, configure the local port C12 to select all inbound traffic to send to the preconfigured mirroring destination for session 2:
   interface c12 monitor all in mirror 2
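The following Python check is an added example, not part of the original page or the vendor's tooling. It audits a saved source-switch configuration excerpt for the rules stated above: session numbers from 1 to 4, a different UDP port for each remote session, and every monitored port pointing at a defined session. It recognises only the two command forms shown on this page, so a local session would be reported as undefined; the function names and the conflicting sample lines are constructed for illustration.

```python
import re

VALID_SESSIONS = range(1, 5)  # the page allows session numbers 1 to 4

# Only the two command forms shown on this page are recognised.
REMOTE = re.compile(r"mirror (\d+) remote ip (\S+) (\d+) (\S+)")
MONITOR = re.compile(r"interface (\S+) monitor all (\S+) mirror (\d+)")

def parse(config):
    """Return ({session: (src_ip, udp, dst_ip)}, {session: [ports]}, findings)."""
    sessions, sources, findings = {}, {}, []
    for line in (l.strip() for l in config.splitlines()):
        if m := REMOTE.fullmatch(line):
            num = int(m[1])
            if num in sessions:
                findings.append(f"session {num} defined more than once")
            sessions[num] = (m[2], int(m[3]), m[4])
        elif m := MONITOR.fullmatch(line):
            sources.setdefault(int(m[3]), []).append(m[1].upper())
    return sessions, sources, findings

def audit(config):
    """List every rule violation found in a source-switch config excerpt."""
    sessions, sources, findings = parse(config)
    seen_udp = {}  # UDP port -> first session that used it
    for num, (_, udp, _) in sorted(sessions.items()):
        if num not in VALID_SESSIONS:
            findings.append(f"session {num} outside 1-4")
        if udp in seen_udp:
            findings.append(f"sessions {seen_udp[udp]} and {num} share UDP port {udp}")
        seen_udp.setdefault(udp, num)
        if num not in sources:
            findings.append(f"session {num} has no monitored source")
    for num in sorted(set(sources) - set(sessions)):
        findings.append(f"ports {sources[num]} feed undefined session {num}")
    return findings

# Constructed sample: the two commands from the page, then a deliberately
# conflicting session 3 and a monitor line for session 5 (both hypothetical).
PAGE_CONFIG = """mirror 2 remote ip 10.10.10.119 9400 10.10.40.1
interface c12 monitor all in mirror 2"""
BAD_CONFIG = PAGE_CONFIG + """
mirror 3 remote ip 10.10.10.119 9400 10.10.40.1
interface c13 monitor all in mirror 5"""

if __name__ == "__main__":
    for finding in audit(BAD_CONFIG):
        print(finding)
```

Run against periodic configuration backups, the same parse output also gives an inventory of which ports are mirrored to which destination, which makes an unexpected mirroring session easy to spot.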