Reset Search
 

 

Article

How to Configure VLAN-based Port Mirroring

« Go Back

Information

 
TitleHow to Configure VLAN-based Port Mirroring
Objective
Commands to configure VLAN Based Port mirroring. This will help to capture all the traffic ingressing or egressing a particular VLAN.
Environment
  • VSP 9012/9010
  • All VOSS Versions
Procedure
VSP 9K does not natively support VLAN based port mirroring but can be achieved with the help of an Access Control Lists (ACL). 

Scenario:
  • Traffic on VLAN 10 to be mirrored
  • Monitor port: 8/2 (The port where sniffer is connected)
Following are the commands to capture Ingress traffic:
filter acl 1 type inVlan
filteracl set 1 global-action monitor-dst-port 8/2
filteracl vlan 1 10
filteracl ace 1 1 
filteracl ace action 1 1 permit
filteracl ace ethernet 1 1 ether-type eq ip
filteracl ace 1 1 enable
Following are the commands to capture Egress traffic:
filter acl 2 type outVlan
filteracl set 2 global-action monitor-dst-port 8/2
filteracl vlan 2 10
filteracl ace 2 2
filteracl ace action 2 2 permit
filteracl ace ethernet 2 2 ether-type eq ip
filteracl ace 2 2 enable
Additional notes
Few VSP devices don't have an option to configure outVlan. For those, use the below set of commands:
 
filter acl 1 type inVlan
filter acl vlan 1 <VLANID_1>,<VLANID_2>
filter acl ace 1 1
filter acl ace action 1 1 permit monitor-dst-ports <PORT#_WHERE_SNIFFER_IS_CONNECTED>
filter acl ace ethernet 1 1 ether-type eq ip
filter acl ace 1 1 enable
Traffic can also be filtered based on the Source and destination IP. Use below commands to achieve the same:
 
filter acl ace ip 1 1 dst-ip eq <DESTINATION_IP_ADDRESS>
filter acl ace ip 1 1 src-ip eq <SOURCE_IP_ADDRESS>

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255