Traffic Mirroring Commands
This chapter provides a description of syntax, and examples for Traffic Mirroring. It includes the following commands:
monitor session
Use this command to create a local or remote monitor session. By default, a local monitor session is created.
A monitor session consists of:
• A single destination interface, referred to as a mirror-to port or a single remote destination
• One or more source interfaces (egress, ingress, or both)
• One or more VLAN sources in the ingress direction
• One or more filters that can be applied to filter the mirrored packets
Use the no parameter to delete a monitor session.
Command Syntax
monitor session <1-18> ( | type ( local | remote ))
no monitor session ( <1-18> | all )
Parameters
<1-18>
Session number
local
Create a local session
remote
Create a remote source node session
all
All sessions
Default
By default, monitor session type is local and will not be active by default
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#monitor session 1
(config-monitor)#exit
(config)#monitor session 3 type remote
(config-monitor)#exit
(config)#no monitor session 1
monitor session shut
Use this command to deactivate one monitor session.
Use the no parameter to activate one monitor session.
Command Syntax
monitor session <1-18> shut
no monitor session <1-18> shut
Parameters
<1-18>
Session number
Default
Monitor session will not be active by default
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#monitor session 3 shut
(config)#no monitor session 3 shut
source port
Use this command to configure a source port per monitor session in either ingress or egress or both directions. Source port can be physical interface or a trunk port.
Use the no parameter to remove the source port.
Command Syntax
source interface IFNAME ( rx | tx | both | )
no source interface IFNAME
Parameters
IFNAME
Interface name
rx
Ingress direction
tx
Egress direction
both
Both directions
Default
Source port will be mirrored for both directions if the direction is not specified
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#monitor session 1
(config-monitor)#source interface xe1 both
(config-monitor)#no source interface xe1
source vlan
Use this command to configure one or more VLANs as source per monitor session. A VLAN as source will be mirrored only in the ingress direction. Up to 32 VLANs can be configured as source per monitor session.
Use the no parameter to remove vlan source from monitor session.
Command Syntax
source vlan VLAN_RANGE
no source vlan VLAN_RANGE
Parameters
VLAN_RANGE
VLAN identifier or VLAN identifier range
Default
A trunk port is a member of all VLANs by default.
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#monitor session 1
(config-monitor)#source vlan 2
(config-monitor)#source vlan 4-10
(config-monitor)#no source vlan 2-5,10
destination port
Use this command to configure a mirror-to port per local monitor session. A destination port can be a physical port or a trunk port.
Use the no parameter to remove the destination port from a local monitor session.
Command Syntax
destination interface IFNAME
no destination interface IFNAME
Parameters
IFNAME
Interface name
Default
No default value is specified
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#interface xe3
(config-if)#switchport
(config-if)#exit
(config)#monitor session 1
(config-monitor)#destination interface xe3
(config-monitor)#no destination interface xe3
no shut
Use this command to activate a monitor session
Command Syntax
no shut
Parameters
None
Default
Monitor session will not be active by default.
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#monitor session 3
(config-monitor)#no shut
shut
Use this command to de-activate a monitor session.
Command Syntax
shut
Parameters
None
Default
Monitored session is not active by default.
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#monitor session 3
(config-monitor)#shut
filter
Use this command to add filters to the monitor session. Filters can be applied only in case of ingress mirroring. The configuration of sequence identifier for each rule is optional, but even if it is not configured explicitly, it will always be generated and in steps of 10.
Use the no parameter to remove the filter from monitor session.
Command Syntax
(<1-268435453>/<1-4294967294> |) filter {vlan <2-4094>| cos <0-7> | dest-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | src-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | frame-type (ETHTYPE | arp (req | resp|) (sender-ip A.B.C.D|) (target-ip A.B.C.D|) | ipv4 (src-ip (A.B.C.D | A.B.C.D/M)|) (dest-ip (A.B.C.D | A.B.C.D/M)|) | ipv6 (src-ip X:X::X:X/M |) (dest-ip X:X::X:X/M |))}
no (<1-268435453>/<1-4294967294>) filter
Parameters
(<1-268435453>/<1-4294967294> |)
Sequence identifier for each rule.
<2-4094>
VLAN identifier
<0-7>
COS number
XXXX.XXXX.XXXX
MAC address
ETHTYPE
Ethertype
arp
ARP frames
req
Request frames
resp
Response frames
A.B.C.D
Single IP address
A.B.C.D/M
IP addresses with mask
X:X::X:X/M
IPv6 addresses with mask
Default
No default value is specified.
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#monitor session 3
(config-monitor)#35 filter vlan 200
(config-monitor)#filter dest-mac host 0000.0001.2421 frame-type ipv4
(config-monitor)#filter cos 3 frame-type arp req sender-ip 2.2.2.1
(config-monitor)#no 10 filter
(config-monitor)#no 20 filter
(config-monitor)#no 35 filter
description
Use this command to add a description to the monitor session.
Use the no parameter to delete a description of the monitor session.
Command Syntax
description LINE
no description
Parameters
LINE
Enter the description string
Default
No default value is specified.
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#monitor session 3
(config-monitor)#description “port mirror rx”
(config-monitor)#no description
remote destination
Use this command to configure a destination VLAN and the reflector port for the remote monitor session.
Use the no parameter to remove a destination from a remote monitor session.
Command Syntax
destination remote vlan <2-4094> reflector-port IFNAME
no destination remote
Parameters
<2-4094>
VLAN identifier
IFNAME
Interface name
Default
No default value is specified
Command Mode
Monitor configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#no vlan 900 bridge 1
(config)#interface xe3
(config-if)#switchport
(config)#monitor session 1
(config-monitor)#destination remote vlan 900 reflector-port xe3
(config-monitor)#no destination remote
show monitor
Use this command to display states of all monitor sessions. If a session is down, the reason is displayed.
Command Syntax
show monitor
Parameters
None
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show monitor
Session State Reason Description
------- ----------- ---------------------- --------------------------------
1 down No sources configured
2 down Dst in wrong mode
Table 27-77 explains the output fields.
Table 27-77: show monitor fields
Entry | Description |
|---|
Session admin shut | If the monitoring session is administratively shutdown, session will be in this state. This is the default state for any newly created monitoring session. Monitoring sessions can be activated using the command ‘no shut’ on monitoring session mode. |
Dst in wrong mode | If both source and destination is configured on monitoring session and session is activated, then: 1. In case of local monitoring, if the destination port is not configured with ‘switchport’ or the destination is associated with bridge, then session will be in this state. Destination port shouldn’t participate in regular switching. Hence this configuration state is mandatory. 2. In case of remote monitoring, if the reflector port is not configured with ‘switchport’ or the destination is associated with bridge and/or if remote VLAN is part of bridge then session will be in this state. Remote VLAN ID used for encapsulation should be unused VLAN ID by bridge on the mirroring node. |
No sources configured | If no source configured on the monitoring session (either source VLAN or source ports) and monitoring session is activated, then the session will be in this state. In order to recover, source needs to be configured on the monitoring session. Multiple sources can be configured on a monitoring session. |
No dest configured | If a session is not configured with destination (either destination port in case of local monitoring or with remote vlan and reflector port in case of remote monitoring) and if the monitoring session is activated, then session will be in this state. In order to recover, destination needs to be configured on the monitoring session. Only one destination can be configured per monitoring session. |
No operational src/dst | If both source and destination configured on monitoring session, destination is configured in right mode and session is activated, but 1. In case of local monitoring, if the destination port link state is down, then session will be in this state. 2. In case of remote monitoring, if the reflector port link state is down, then session will be in this state. 3. In case the sources configured are ports and none of them are in link up state, then session will be in this state. 4. In case the sources configured are VLAN and none of the VLANs are part of bridge forwarding, then session will be in this state. |
No hardware resource | If all the configurations are correct and multiple sessions are configured and activated, then one of the hardware limitation may be reached: 1. Destination port exceeding maximum limit. 2. Filters exceeding maximum limit. 3. VLAN source ports exceeding maximum limit. In these cases, effected sessions will be in this state. |
Hardware failure | If all the configurations are correct and sessions are activated but due to some expected or unexpected cases if the configuration cannot be applied in hardware, then the session will be in this state. This is not accepted state for a session and the issue needs to be analyzed and fixed. |
show monitor session
Use this command to display the configuration details of one or more monitor sessions.
Command Syntax
show monitor session (<1-18>|all|(range RANGE)) (brief|)
Parameters
<1-18>
Session number
all
All sessions
RANGE
Session number range (n1-n2)
brief
Brief information
Command Mode
Exec mode or Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show monitor session 1
session 1
---------------
type : local
state : down (Session admin shut)
source intf :
tx : xe1 xe3 xe4
rx : xe2 xe3 xe4
both : xe3 xe4
source VLANs :
rx : 2,5-10,15,18-20
destination ports : xe5
filter count :
Legend: f = forwarding enabled, l = learning enabled
#
Table 27-78 explains the output fields.
Table 27-78: show monitor session output fields
Entry | Description |
|---|
Type | Type of monitor session. |
State | State of the security flow filter. There are different error messages when you do RSPAN configuration: 1. Session admin shut 2. Dst in wrong mode 3. No sources configured 4. No dest configured 5. No operational src/dst 6. No hardware resource 7. Hardware failure. |
Session admin shut | If the monitoring session is administratively shutdown, session will be in this state. This is the default state for any newly created monitoring session. Monitoring sessions can be activated using the command ‘no shut’ on monitoring session mode. |
Dst in wrong mode | If both source and destination is configured on monitoring session and session is activated, then: 1. In case of local monitoring, if the destination port is not configured with ‘switchport’ or the destination is associated with bridge, then session will be in this state. Destination port shouldn’t participate in regular switching. Hence this configuration state is mandatory. 2. In case of remote monitoring, if the reflector port is not configured with ‘switchport’ or the destination is associated with bridge and/or if remote VLAN is part of bridge then session will be in this state. Remote VLAN ID used for encapsulation should be unused VLAN ID by bridge on the mirroring node. |
No sources configured | If no source configured on the monitoring session (either source VLAN or source ports) and monitoring session is activated, then the session will be in this state. In order to recover, source needs to be configured on the monitoring session. Multiple sources can be configured on a monitoring session. |
No dest configured | If a session is not configured with destination (either destination port in case of local monitoring or with remote vlan and reflector port in case of remote monitoring) and if the monitoring session is activated, then session will be in this state. In order to recover, destination needs to be configured on the monitoring session. Only one destination can be configured per monitoring session. |
No operational src/dst | If both source and destination configured on monitoring session, destination is configured in right mode and session is activated, but: 1. In case of local monitoring, if the destination port link state is down, then session will be in this state. 2. In case of remote monitoring, if the reflector port link state is down, then session will be in this state. 3. In case the sources configured are ports and none of them are in link up state, then session will be in this state. 4. In case the sources configured are VLAN and none of the VLANs are part of bridge forwarding, then session will be in this state. |
No hardware resource | If all the configurations are correct and multiple sessions are configured and activated, then one of the hardware limitation may be reached: 1. Destination port exceeding maximum limit. 2. Filters exceeding maximum limit. 3. VLAN source ports exceeding maximum limit. In these cases, effected sessions will be in this state. |
Hardware failure | If all the configurations are correct and sessions are activated but due to some expected or unexpected cases if the configuration cannot be applied in hardware, then the session will be in this state. This is not accepted state for a session and the issue needs to be analyzed and fixed. |
Rx | Incoming flow (source and destination IP addresses). |
Tx | Reverse flow (source and destination IP addresses). |
Both | Incoming and reverse flow (source and destination IP address) |
Destination Port | Name of the destination port to be matched. |
Source intf | Number of maximum intf central source session. |
Source VLANs | Number of maximum VLANs central source session. |
Filter count | Used to count number of lines in a file or table. |
show filter
Use this command to display filters for one or more monitor sessions.
Command Syntax
show monitor session (<1-18>|all|(range RANGE)) filter
Parameters
<1-18>
Session number
all
All sessions
RANGE
Session number range (n1-n2)
Command Mode
Exec mode or Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show monitor session 1 filter
session 1
---------------
filter count : 3
---------------
match set 1
---------------
destination mac address : 0000.0002.4451 (host)
source mac address : 0000.0012.2288 (host)
---------------
match set 2
---------------
frame type : arp
sender ip address : 2.2.2.5
target ip addres : 2.2.2.8
---------------
match set 3
---------------
destination mac address : 0000.0001.1453 (host)
frame type : ipv4
source ip address : 3.3.3.5
#
show monitor running configuration
Use this command to display the mirror-related running configuration.
Command Syntax
show running-config monitor (all|)
Parameters
all
Show running configuration with defaults
Command Mode
Exec mode or Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show running-config monitor
!
monitor session 1
source interface xe10 rx
destination interface po1
no shut
#