Configuring local mirroring

To configure a local mirroring session in which the mirroring source and destination are on the same switch, follow these general steps:

  1. Determine the session and local destination port:

    • Session number (1-4) and (optional) alphanumeric name

    • Exit port (any port on the switch except a monitored interface used to mirror traffic)


    CAUTION: An exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Connecting a mirroring exit port to a network can result in serious network performance problems, and is strongly discouraged by HP.


  2. Enter the mirror session-# [name session-name ] port port-# command to configure the session.

  3. Determine the traffic to be selected for mirroring by any of the following methods and the appropriate configuration level (VLAN, port, mesh, trunk, switch):

    1. Direction: inbound, outbound, or both

    2. Classifier-based mirroring policy: inbound only for IPv4 or IPv6 traffic

    3. MAC source and/or destination address: inbound, outbound, or both

  4. Enter the monitor command to assign one or more source interfaces to the session.

After you complete step 4, the switch begins mirroring traffic to the configured exit port.

The following commands configure mirroring for a local session in which the mirroring source and destination are on the same switch.

  • The mirror command identifies the destination in a mirroring session.

  • The interface and vlan commands identify the mirroring source, including source interface, traffic direction, and traffic-selection criteria for a specified session.


NOTE: When no allow-v2-modules is specified in the configuration of a switch with V3 modules on KB firmware, Egress VLAN ACLs do not filter mirrored traffic. You must use a port ACL to filter mirrored traffic.


Configuring a local mirroring session

Syntax

[ no ] mirror 1 - 4 port exit-port-# [name name-str ]

The no mirror session-# port command removes the mirroring session and any mirroring source previously assigned to that session by the following commands.

Configuring traffic-direction criteria to select traffic

Syntax

[ no ] [ interface port/trunk/mesh | vlan vid-# ] monitor all in | out | both mirror session [ session ...] [no-tag-added]

Configuring ACL criteria to select inbound traffic — deprecated


Deprecated command:

Syntax

[ no ] [ interface port/trunk/mesh | vlan vid-# ] monitor ip access-group acl-name in mirror session [ session ...]




Configuring a mirroring policy to select inbound traffic

Syntax

class ipv4 | ipv6 classname
[ no ] [seq-number] [ match | ignore ip-protocol source-address destination-address ] [precedence precedence-value] [tos tos-value] [ip-dscp codepoint] [vlan vlan-id]

Syntax

policy mirror policy-name
[no] [seq-number] [ class ipv4 | ipv6 classname action mirror session ] [ action mirror session ...]
[ no ] default-class action mirror session
[ no ] [ interface port/trunk | vlan vid-# ] service-policy mirror-policy-name in

In the policy mirror command, the mirror session parameter accepts a session number (1 to 4), or a session name if the specified mirroring session has already been configured with the name name-str option in the mirror command.

The no form of the interface | vlan service-policy in command removes the mirroring policy from a port, VLAN, trunk, or mesh interface for a specified session, but leaves the session available for other assignments.

Configuring MAC-based criteria to select traffic

Syntax

[ no ] monitor mac mac-addr [ src | dst | both ] mirror session

Enter the monitor mac mirror command at the global configuration level.

Use the no form of the complete command syntax (for example, no monitor mac 112233-445566 src mirror 3) to remove a MAC address as mirroring criteria from an active session on the switch without removing the session itself.
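
The four-step procedure at the top of this section, carried through with the syntax above. This is an added example, not taken from the HP manual. The port names (a1, a2, a5), VLAN 20, the names ids-tap, tcp-in and mirror-tcp, and the match tcp any any rule are constructed values; lines beginning with ";" are annotations for the reader and are not typed at the CLI.

```text
; All commands are entered at the global configuration level.

; Steps 1-2: session 1, named ids-tap, exits on port a5.
; a5 is cabled only to the analyzer/IDS and is not a monitored source.
mirror 1 port a5 name ids-tap

; Steps 3-4, method 1 (direction-based):
; both directions on port a1, inbound only on VLAN 20.
interface a1 monitor all both mirror 1
vlan 20 monitor all in mirror 1

; Steps 3-4, method 2 (classifier-based policy, inbound only):
; define the class, bind it to the session in a mirror policy,
; then apply the policy inbound on port a2. The session is referenced
; by name, which works because "name ids-tap" was set in the mirror command.
class ipv4 tcp-in
   match tcp any any
   exit
policy mirror mirror-tcp
   class ipv4 tcp-in action mirror ids-tap
   exit
interface a2 service-policy mirror-tcp in

; Steps 3-4, method 3 (MAC-based):
; frames whose source MAC is 112233-445566.
monitor mac 112233-445566 src mirror 1

; Teardown, narrowest first.
; Remove one selection criterion; session 1 stays configured.
no monitor mac 112233-445566 src mirror 1
no interface a2 service-policy mirror-tcp in

; Remove session 1 and every mirroring source still assigned to it.
no mirror 1 port a5
```

Removing individual criteria first leaves an auditable record of what was being mirrored before the final no mirror command clears the session and its remaining sources in one step.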