Destination mirror port – Brocade FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide User Manual
Page 241
• SX-FI-2XG
• SX-FI-8XG
On all other interface modules, you can select traffic to be mirrored using only a permit clause.
Destination mirror port
You can specify physical ports or a trunk to mirror traffic. If you complete the rest of the configuration
but do not specify a destination mirror port, the port-mirroring ACL is non-operational. This can be
useful if you want to be able to mirror traffic by a set criteria on demand. With this configuration, you
configure a destination mirror port whenever you want the port-mirroring ACL to become operational.
The following sections describe how to specify a destination port for a port or a trunk, as well as the
special considerations required when mirroring traffic from a virtual interface.
Specifying the destination mirror port for physical ports
When you want traffic that has been selected by ACL-based inbound mirroring to be mirrored, you must
configure a destination mirror port. This configuration is performed at the interface configuration level of
the port with the traffic you are mirroring. The destination port must be the same for all ports in a port
region as described in
Ports from a port region must be mirrored to the same destination mirror port
.
In the following example, ACL mirroring traffic from port 1/1 is mirrored to port 1/3.
device(config)#interface ethernet 1/1
device(config-if-e10000-1/1)#ACL-mirror-port ethernet 1/3
Syntax: [no] ACL-mirror-port ethernet port
The port variable specifies the mirror port to which the monitored port traffic is copied.
Ports from a port region must be mirrored to the same destination mirror port
on page 19, are important when defining a destination
mirror port. This is because all traffic mirrored from any single port in a port region is mirrored to the
same destination mirror port as traffic mirrored from any other port in the same port region. For
example, ports 1/1 to 1/12 are in the same port region. If you configure ports 1/1 and 1/2 to mirror their
traffic, they should use the same destination mirror port as shown in the following configuration.
device(config)#interface ethernet 1/1
device(config-if-e10000-1/1)#ACL-mirror-port ethernet 2/3
device(config)#interface ethernet 1/2
device(config-if-e10000-1/2)#ACL-mirror-port ethernet 2/3
If ports within the same port region are mirrored to different destination ports, the configuraton is
disallowed, and an error message is generated, as shown in the following example.
device(config)#interface ethernet 1/1
device(config-if-e10000-1/1)#ACL-mirror-port ethernet 4/3
device(config)#interface ethernet 1/2
device(config-if-e10000-1/2)#ACL-mirror-port ethernet 4/7
Error - Inbound Mirror port 4/3 already configured for port region 1/1 - 1/12
When a destination port is configured for any port within a port region, traffic from any ACL with a
mirroring clause assigned to any port in that port region is mirrored to that destination port. This will
occur even if a destination port is not explicitly configured for the port with the ACL configured. In the
following example, an ACL with a mirroring clause (101) is applied to a port (1/1). Another port in the
same region (1/3) has a destination port set (4/3). In this example, traffic generated from operation of
Destination mirror port
FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide
241
53-1003086-04