Brocade FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide User Manual
Page 237

Configuration notes for port mirroring and monitoring
Refer to the following guidelines when configuring port mirroring and monitoring:
• If you configure both ACL mirroring and ACL-based rate limiting on the same port, then all packets
that match are mirrored, including the packets that exceed the rate limit.
• ICX and FCX Series devices support sFlow and port monitoring together on the same port.
• FastIron X Series devices support port monitoring and sFlow together on the same device. The
caveat is that port monitoring and sFlow cannot be configured together within the same port region.
Refer to
on page 19 for a list of valid port ranges on these devices. This restriction
only applies to first- and second-generation modules.
• You can configure a mirror port specifically as an ingress port, an egress port, or both.
• Mirror ports can run at any speed and are not related to the speed of the ingress or egress monitored
ports.
• The same port cannot be both a monitored port and the mirror port.
• The same port can be monitored by one mirror port for ingress traffic and another mirror port for
egress traffic.
• The mirror port cannot be a trunk port.
• The monitored port and its mirror port do not need to belong to the same port-based VLAN:
‐ If the mirror port is in a different VLAN from the monitored port, the packets are tagged with
the monitor port VLAN ID. This does not apply if the mirror port resides on the SX-FI48GPP
module. In this case, mirrored packets are not tagged with a monitor port VLAN ID.
‐ If the mirror port is in the same VLAN as the monitored port, the packets are tagged or
untagged, depending on the mirror port configuration.
• More than one monitored port can be assigned to the same mirror port.
• If the primary interface of a trunk is enabled for monitoring, the entire trunk is monitored. You can
also enable an individual trunk port for monitoring using the config-trunk-ind command.
• For stacked devices, if the ingress and egress analyzer ports are always network ports on the local
device, each device may configure the ingress and egress analyzer port independently. However, if
you need to mirror to a remote port, then only one ingress and one egress analyzer port are
supported for the entire system.
• For ingress ACL mirroring, the ingress rule for stacked devices also applies. The analyzer port setting
command acl-mirror-port must be specified for each port, even though the hardware only supports
one port per device. This applies whether the analyzer port is on the local device or on a remote
device. For example, when port mirroring is set to a remote device, any mirroring-enabled ports
(ACL, MAC address filter, or VLAN) are set globally to a single analyzer port, as shown
in the following example.
device(config)# mirror ethernet 1/1/24
device(config)# mirror ethernet 2/1/48
device(config)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# monitor ethernet 2/1/48 both
The analyzer port (2/1/48) is set to all devices in the system.
device(config)# interface ethernet 1/1/2
device(config-if-e1000-1/1/2)# ip access-group 101 in
device(config-if-e1000-1/1/2)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# acl-mirror-port ethernet 2/1/48
The previous command is required even though the analyzer port is already set globally by the port
mirroring command.
device(config)# interface ethernet 1/1/3
device(config-if-e1000-1/1/3)# ip access-group 101 in
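The following checker is an added example, not part of the Brocade guide: it audits a saved configuration against two of the notes above (a port cannot be both monitored and a mirror port; remote mirroring allows only one ingress and one egress analyzer port system-wide). It assumes ports are written stack-unit/slot/port, that "in" and "out" are accepted alongside the "both" keyword shown on the page, and that an analyzer port is declared with mirror ethernet before use, as in the page's example; lint_mirroring and the sample names are hypothetical.

```python
import re

PORT = r"(\d+/\d+/\d+)"  # assumed notation: stack-unit/slot/port

# First four commands of the page's example (prompts kept as printed).
PAGE_EXAMPLE = """\
device(config)# mirror ethernet 1/1/24
device(config)# mirror ethernet 2/1/48
device(config)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# monitor ethernet 2/1/48 both
"""
# Constructed sample that breaks two of the rules.
BAD_SAMPLE = PAGE_EXAMPLE + """\
device(config)# interface ethernet 1/1/2
device(config-if-e1000-1/1/2)# monitor ethernet 1/1/24 in
device(config)# interface ethernet 2/1/48
device(config-if-e1000-2/1/48)# monitor ethernet 1/1/24 out
"""

def lint_mirroring(config_text):
    """Return findings for the mirroring rules listed in the notes above."""
    mirrors, monitors, current = set(), [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop the CLI prompt, if any
        if m := re.fullmatch(f"mirror ethernet {PORT}", line):
            mirrors.add(m.group(1))
        elif m := re.fullmatch(f"interface ethernet {PORT}", line):
            current = m.group(1)
        # "in" and "out" are assumed keywords; the page shows only "both".
        elif (m := re.fullmatch(f"monitor ethernet {PORT} (both|in|out)", line)) and current:
            monitors.append((current, m.group(1), m.group(2)))

    findings, remote = [], False
    used = {"in": set(), "out": set()}  # analyzer ports in use per direction
    for port, analyzer, direction in monitors:
        if port in mirrors:
            findings.append(f"{port}: both a monitored port and a mirror port")
        if analyzer not in mirrors:  # assumption: declared first, as in the page's example
            findings.append(f"{port}: analyzer {analyzer} has no 'mirror ethernet' line")
        if port.split("/")[0] != analyzer.split("/")[0]:
            remote = True  # analyzer sits on another stack unit
        for d in (("in", "out") if direction == "both" else (direction,)):
            used[d].add(analyzer)
    if remote:  # remote mirroring: one ingress and one egress analyzer system-wide
        for d, ports in used.items():
            if len(ports) > 1:
                findings.append(f"remote mirroring with {len(ports)} '{d}' analyzers: {sorted(ports)}")
    return findings

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, BAD_SAMPLE):
        print(lint_mirroring(sample) or "no findings")
```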
53-1003086-04