7 mirror examples, 8 device mirror troubleshooting, Irror – PLANET XGS3-24040 User Manual

Chapter 55 VLAN-ACL Configuration

55-6

55.7 Mirror Examples

Example:

The requirement of the configurations is shown as below: to monitor at interface 1 the data frames sent out by

interface 9 and received from interface 7, sent and received by CPU, and the data frames received by

interface 15 and matched by rule 120(The source IP address is 1.2.3.4 and the destination IP address is

5.6.7.8).

Configuration guidelines:

1. Configure interface 1 to be a mirror destination interface.

2. Configure the interface 7 ingress and interface 9 egress to be mirrored source.

3. Configure the CPU as one of the source.

4. Configure access list 120.

5. Configure access 120 to binding interface 15 ingress.

Configuration procedure is as follows:

Switch(config)#monitor session 4 destination interface ethernet 1/1

Switch(config)#monitor session 4 source interface ethernet 1/7 rx

Switch(config)#monitor session 4 source interface ethernet 1/9 tx

Switch(config)#monitor session 4 source cpu

Switch(config)#access-list 120 permit tcp 1.2.3.4 0.0.0.255 5.6.7.8 0.0.0.255

Switch(config)#monitor session 4 source interface ethernet 1/15 access-list 120 rx

55.8 Device Mirror Troubleshooting

If problems occur on configuring port mirroring, please check the following first for causes:



Whether the mirror destination port is a member of a TRUNK group or not, if yes, modify the TRUNK

group.



If the throughput of mirror destination port is smaller than the total throughput of mirror source port(s),

the destination port will not be able to duplicate all source port traffic; please decrease the number of

source ports, duplicate traffic for one direction only or choose a port with greater throughput as the

destination port. Mirror destination port can not be pulled into Isolate vlan, or will affect mirror between

VLAN.