Configuring Mirror
Configuring Local Port Mirroring
Step 1Â Â Â Â Â Configure the input port for mirror.
set interface ethernet-switching-options analyzer <mirror-name> input ingress <port-name>
set interface ethernet-switching-options analyzer <mirror-name> input egress <port-name>
Step 2Â Â Â Â Â Configure the output port for mirror.
set interface ethernet-switching-options analyzer <mirror-name> output <port-name>
Step 3Â Â Â Â Â Commit the configurations.
      commit
Step 4Â Â Â Â Â Verify the configuration.
           run show analyzer [<mirror-name>]
Configuring ERSPAN
In addition to the following ERSPAN configurations on the source device, you have to complete two extra configurations on the route device and remote data monitoring server. For details, please refer to Example for Configuring ERSPAN.
- The remote data monitoring server does not need to support ERSPAN, but should support Linux GRE to decapsulate the receiving GRE message.
- Configure routing protocols on all routing devices to ensure the mirroring source device and the data monitoring server route reachable.
ERSPAN Configurations on the Source Device
Step 1Â Â Â Â Â Configure the input port for ERSPAN mirror.
set interface ethernet-switching-options analyzer <mirror-name> erspan input ingress<port-name>
set interface ethernet-switching-options analyzer <mirror-name> erspan input egress<port-name>
Step 2Â Â Â Â Â Configure the source IP address and destination IP address for ERSPAN encapsulation.
set interface ethernet-switching-options analyzer <mirror-name> erspan output source-ip <source-ip>
set interface ethernet-switching-options analyzer <mirror-name> erspan output dest-ip <dest-ip>
Step 3Â Â Â Â Â Enable IP routing for L3 forwarding.
set ip routing enable <true|false>
Step 4Â Â Â Â Â Commit the configurations.
 commit
Step 5Â Â Â Â Â Verify the configuration.
           run show analyzer [<mirror-name>]
Configuring ACL-based ERSPAN
Step 1Â Â Â Â Â Configure ACL filter rules. You can refer to ACL configuration guide for details about how to configure ACL filter rules.
set firewall filter <filter-name> sequence <number> from XX
Step 2Â Â Â Â Â Apply the ACL filter rules to the mirroring input port.
NOTE: Due to hardware restrictions, currently it only supports to apply the ACL rules to the ingress direction of the mirroring input port. That is, the command set firewall filter <filter-name> output interface <interface-name> does not support for ACL-based ERSPAN.
set firewall filter <filter-name> input interface <interface-name>
Step 3Â Â Â Â Â Configure the source IP address and destination IP address for ACL-based ERSPAN Â GRE
NOTE: The configured source IPv4 address and destination IPv4 address are used for the IP header encapsulation in the outer layer of the GRE message. Users have to configure the routing protocol to ensure the devices at both ends of the GRE tunnel are route reachable.
set firewall filter <filter-name> sequence <number> then erspan source-ip <source-ip>
set firewall filter <filter-name> sequence <number> then erspan dest-ip <dest-ip>
Step 4Â Â Â Â Â Enable IP routing for L3 forwarding.
set ip routing enable <true|false>
Step 5Â Â Â Â Â Commit the configurations.
commit
Step 6Â Â Â Â Â Verify the configuration.
           run show filter [<filter-name>]
Copyright © 2024 Pica8 Inc. All Rights Reserved.