Configuring Mirror
Configuring Local Port Mirroring
Step 1 Configure the input port for mirror.
set interface ethernet-switching-options analyzer <mirror-name> input ingress <port-name>
set interface ethernet-switching-options analyzer <mirror-name> input egress <port-name>
Step 2 Configure the output port for mirror.
set interface ethernet-switching-options analyzer <mirror-name> output <port-name>
Step 3 Commit the configurations.
commit
Step 4 Verify the configuration.
run show analyzer [<mirror-name>]
Configuring ERSPAN
In addition to the following ERSPAN configurations on the source device, you have to complete two extra configurations on the route device and remote data monitoring server. For details, please refer to Example for Configuring ERSPAN.
- The remote data monitoring server does not need to support ERSPAN, but should support Linux GRE to decapsulate the receiving GRE message.
- Configure routing protocols on all routing devices to ensure the mirroring source device and the data monitoring server route reachable.
ERSPAN Configurations on the Source Device
Step 1 Configure the input port for ERSPAN mirror.
set interface ethernet-switching-options analyzer <mirror-name> erspan input ingress<port-name>
set interface ethernet-switching-options analyzer <mirror-name> erspan input egress<port-name>
Step 2 Configure the source IP address and destination IP address for ERSPAN encapsulation.
set interface ethernet-switching-options analyzer <mirror-name> erspan output source-ip <source-ip>
set interface ethernet-switching-options analyzer <mirror-name> erspan output dest-ip <dest-ip>
Step 3 Enable IP routing for L3 forwarding.
set ip routing enable <true|false>
Step 4 Commit the configurations.
commit
Step 5 Verify the configuration.
run show analyzer [<mirror-name>]
Configuring ACL-based ERSPAN
Step 1 Configure ACL filter rules. You can refer to ACL configuration guide for details about how to configure ACL filter rules.
set firewall filter <filter-name> sequence <number> from XX
Step 2 Apply the ACL filter rules to the mirroring input port.
NOTE: Due to hardware restrictions, currently it only supports to apply the ACL rules to the ingress direction of the mirroring input port. That is, the command set firewall filter <filter-name> output interface <interface-name> does not support for ACL-based ERSPAN.
set firewall filter <filter-name> input interface <interface-name>
Step 3 Configure the source IP address and destination IP address for ACL-based ERSPAN GRE
NOTE: The configured source IPv4 address and destination IPv4 address are used for the IP header encapsulation in the outer layer of the GRE message. Users have to configure the routing protocol to ensure the devices at both ends of the GRE tunnel are route reachable.
set firewall filter <filter-name> sequence <number> then erspan source-ip <source-ip>
set firewall filter <filter-name> sequence <number> then erspan dest-ip <dest-ip>
Step 4 Enable IP routing for L3 forwarding.
set ip routing enable <true|false>
Step 5 Commit the configurations.
commit
Step 6 Verify the configuration.
run show filter [<filter-name>]
Copyright © 2024 Pica8 Inc. All Rights Reserved.