Traffic Mirroring Commands

OcNOS-SP : Layer 2 Guide : Layer 2 Command Reference : Traffic Mirroring Commands

This chapter provides a description of syntax, and examples for Traffic Mirroring. It includes the following commands:

• monitor session

• monitor session shut

• source interface

• source vlan

• destination interface

• no shut

• shut

• filter

• description

• remote destination

• show monitor

• show monitor session

• show filter

• show monitor running configuration

monitor session

Use this command to create a local or remote monitor session. By default, a local monitor session is created.

A monitor session consists of:

• A single destination interface, referred to as a mirror-to port or a single remote destination

• One or more source interfaces (egress, ingress, or both)

• One or more VLAN sources in the ingress direction

• One or more filters that can be applied to filter the mirrored packets

Use the no parameter to delete a monitor session.

Command Syntax

monitor session <1-18> ( | type ( local | remote ))

no monitor session ( <1-18> | all )

Parameters

<1-18>

Session number

local

Create a local session

remote

Create a remote source node session

all

All sessions

Default

By default, monitor session type is local and will not be active by default

Command Mode

Configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

#configure terminal

(config)#monitor session 1

(config-monitor)#exit

(config)#monitor session 3 type remote

(config-monitor)#exit

(config)#no monitor session 1

monitor session shut

Use this command to deactivate one monitor session.

Use the no parameter to activate one monitor session.

Command Syntax

monitor session <1-18> shut

no monitor session <1-18> shut

Parameters

<1-18>

Session number

Default

Monitor session will not be active by default

Command Mode

Configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

#configure terminal

(config)#monitor session 3 shut

(config)#no monitor session 3 shut

source interface

Use this command to configure a source port per monitor session in either ingress or egress or both directions. Source port can be physical interface or a trunk port.

Use the no parameter to remove the source port.

Note: The behavior is changed when the configuration is edited in the current release: For example, if you have configured as follows

source interface xe10 rx → running-config/backend: source interface xe10 rx

source interface xe10 tx → running-config/backend: source interface xe10 both

its direction is changed to as follows

source interface xe10 rx → running-config/backend: source interface xe10 rx

source interface xe10 tx → running-config/backend: source interface xe10 tx

Command Syntax

source interface IFNAME ( rx | tx | both | )

no source interface IFNAME

Parameters

IFNAME

Interface name

Ingress direction

Egress direction

both

Both directions

Default

Source port will be mirrored for both directions if the direction is not specified

Command Mode

Monitor configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#configure terminal

(config)#monitor session 1

(config-monitor)#source interface xe1 both

(config-monitor)#no source interface xe1

source vlan

Use this command to configure one or more VLANs as source per monitor session. A VLAN as source will be mirrored only in the ingress direction. Up to 32 VLANs can be configured as source per monitor session.

Use the no parameter to remove vlan source from monitor session.

Command Syntax

source vlan VLAN_RANGE

no source vlan VLAN_RANGE

Parameters

VLAN_RANGE

VLAN identifier or VLAN identifier range

Default

A trunk port is a member of all VLANs by default.

Command Mode

Monitor configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#configure terminal

(config)#monitor session 1

(config-monitor)#source vlan 2

(config-monitor)#source vlan 4-10

(config-monitor)#no source vlan 2-5,10

destination interface

Use this command to configure a mirror-to port per local monitor session. A destination port can be a physical port or a trunk port.

Use the no parameter to remove the destination port from a local monitor session.

Note: For monitor sessions, the destination interface should be an L2 switchport with no service attached.

Command Syntax

destination interface IFNAME

no destination interface IFNAME

Parameters

IFNAME

Interface name

Default

No default value is specified

Command Mode

Monitor configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#configure terminal

(config)#interface xe3

(config-if)#switchport

(config-if)#exit

(config)#monitor session 1

(config-monitor)#destination interface xe3

(config-monitor)#no destination interface xe3

no shut

Use this command to activate a monitor session

Command Syntax

no shut

Parameters

None

Default

Monitor session will not be active by default.

Command Mode

Monitor configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#configure terminal

(config)#monitor session 3

(config-monitor)#no shut

shut

Use this command to de-activate a monitor session.

Command Syntax

shut

Parameters

None

Default

Monitored session is not active by default.

Command Mode

Monitor configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#configure terminal

(config)#monitor session 3

(config-monitor)#shut

filter

Use this command to add filters to the monitor session. Filters can be applied only in case of ingress mirroring. The configuration of sequence identifier for each rule is optional, but even if it is not configured explicitly, it will always be generated and in steps of 10.

Use the no parameter to remove the filter from monitor session.

Command Syntax

(<1-268435453>/<1-4294967294> |) filter {vlan VLAN_RANGE| cos <0-7> | dest-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | src-mac (host XXXX.XXXX.XXXX | XXXX.XXXX.XXXX XXXX.XXXX.XXXX) | frame-type (ETHTYPE | arp (req | resp|) (sender-ip A.B.C.D|) (target-ip A.B.C.D|) | ipv4 (src-ip (A.B.C.D | A.B.C.D/M)|) (dest-ip (A.B.C.D | A.B.C.D/M)|) | ipv6 (src-ip X:X::X:X/M |) (dest-ip X:X::X:X/M |))}

no (<1-268435453>/<1-4294967294>) filter

Parameters

(<1-268435453>/<1-4294967294> |)

Sequence identifier for each rule.

<2-4094>

VLAN identifier

<0-7>

COS number

XXXX.XXXX.XXXX

MAC address

ETHTYPE

Ethertype

arp

ARP frames

req

Request frames

resp

Response frames

A.B.C.D

Single IP address

A.B.C.D/M

IP addresses with mask

X:X::X:X/M

IPv6 addresses with mask

Default

No default value is specified.

Command Mode

Monitor configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#configure terminal

(config)#monitor session 3

(config-monitor)#filter dest-mac host 0000.0001.2421 frame-type ipv4

(config-monitor)#filter cos 3 frame-type arp req sender-ip 2.2.2.1

(config-monitor)#35 filter vlan 200

(config-monitor)#no 10 filter

(config-monitor)#no 20 filter

(config-monitor)#no 35 filterr

description

Use this command to add a description to the monitor session.

Use the no parameter to delete a description of the monitor session.

Command Syntax

description LINE

no description

Parameters

LINE

Enter the description string

Default

No default value is specified.

Command Mode

Monitor configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#configure terminal

(config)#monitor session 3

(config-monitor)#description “port mirror rx”

(config-monitor)#no description

remote destination

Use this command to configure a destination VLAN and the reflector port for the remote monitor session.

Use the no parameter to remove a destination from a remote monitor session.

Command Syntax

destination remote vlan <2-4094> reflector-port IFNAME

no destination remote

Parameters

<2-4094>

VLAN identifier

IFNAME

Interface name

Default

No default value is specified

Command Mode

Monitor configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#configure terminal

(config)#no vlan 900 bridge 1

(config)#interface xe3

(config-if)#switchport

(config)#monitor session 1

(config-monitor)#destination remote vlan 900 reflector-port xe3

(config-monitor)#no destination remote

show monitor

Use this command to display states of all monitor sessions. If a session is down, the reason is displayed.

Command Syntax

show monitor

Parameters

None

Command Mode

Exec mode and Privileged Exec mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#show monitor

Session State Reason Description

------- ----------- ---------------------- --------------------------------

1 down No sources configured

2 down Dst in wrong mode

show monitor session

Use this command to display the configuration details of one or more monitor sessions.

Command Syntax

show monitor session (<1-18>|all|(range RANGE)) (brief|)

Parameters

<1-18>

Session number

all

All sessions

RANGE

Session number range (n1-n2)

brief

Brief information

Command Mode

Exec mode or Privileged Exec mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#show monitor session 1

session 1

---------------

type : local

state : down (Session admin shut)

source intf :

tx : xe1 xe3 xe4

rx : xe2 xe3 xe4

both : xe3 xe4

source VLANs :

rx : 2,5-10,15,18-20

destination ports : xe5

filter count :

Legend: f = forwarding enabled, l = learning enabled

Table 7-20 Explains the show command output fields

Table 7-20: Show monitor session output fields

Field	Description
Type	Type of monitor session.
State	State of the security flow filter.
Rx	Incoming flow (source and destination IP addresses).
Tx	Reverse flow (source and destination IP addresses).
Both	Incoming and reverse flow (source and destination IP address)
Destination Port	Name of the destination port to be matched.
Source intf	Number of maximum intf central source session.
Source VLANs	Number of maximum VLANs central source session.
Filter count	Used to count number of lines in a file or table.

show filter

Use this command to display filters for one or more monitor sessions.

Command Syntax

show monitor session (<1-18>|all|(range RANGE)) filter

Parameters

<1-18>

Session number

all

All sessions

RANGE

Session number range (n1-n2)

Command Mode

Exec mode or Privileged Exec mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#show monitor session 1 filter

session 1

---------------

filter count : 3

---------------

match set 1

---------------

destination mac address : 0000.0002.4451 (host)

source mac address : 0000.0012.2288 (host)

---------------

match set 2

---------------

frame type : arp

sender ip address : 2.2.2.5

target ip addres : 2.2.2.8

---------------

match set 3

---------------

destination mac address : 0000.0001.1453 (host)

frame type : ipv4

source ip address : 3.3.3.5

show monitor running configuration

Use this command to display the mirror-related running configuration.

Command Syntax

show running-config monitor (all|)

Parameters

all

Show running configuration with defaults

Command Mode

Exec mode or Privileged Exec mode

Applicability

This command was introduced before OcNOS version 1.3.

Example

#show running-config monitor

monitor session 1

source interface xe10 rx

destination interface po1

no shut