Configuration notes for port mirroring and monitoring

Refer to the following guidelines when configuring port mirroring and monitoring:

  • If you configure both ACL mirroring and ACL-based rate limiting on the same port, then all packets that match are mirrored, including the packets that exceed the rate limit.
  • ICX Series devices support sFlow and port monitoring together on the same port.
  • You can configure a mirror port specifically as an ingress port, an egress port, or both.
  • Mirror ports can run at any speed and are not related to the speed of the ingress or egress monitored ports.
  • The same port cannot be both a monitored port and the mirror port.
  • The same port can be monitored by one mirror port for ingress traffic and another mirror port for egress traffic.
  • The mirror port cannot be a trunk port.
  • The monitored port and its mirror port do not need to belong to the same port-based VLAN:
    • If the mirror port is in a different VLAN from the monitored port, the packets are tagged with the monitor port VLAN ID.
    • If the mirror port is in the same VLAN as the monitored port, the packets are tagged or untagged, depending on the mirror port configuration.
  • More than one monitored port can be assigned to the same mirror port.
  • If the primary interface of a trunk is enabled for monitoring, the entire trunk is monitored. You can also enable an individual trunk port for monitoring using the config-trunk-ind command.
  • For stacked devices, if the ingress and egress analyzer ports are always network ports on the local device, each device may configure the ingress and egress analyzer port independently. However, if you need to mirror to a remote port, then only one ingress and one egress analyzer port are supported for the entire system.
  • For ingress ACL mirroring, the ingress rule for stacked devices also applies. The analyzer port setting command acl-mirror-port must be specified for each port, even though the hardware only supports one port per device. This applies whether the analyzer port is on the local device or on a remote device. For example, when port mirroring is set to a remote device, any mirroring-enabled ports (ACL, MAC address filter, or VLAN) are set globally to a single analyzer port, as shown in the following example.
device(config)# mirror ethernet 1/1/24
device(config)# mirror ethernet 2/1/48
device(config)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# monitor ethernet 2/1/48 both

The analyzer port (2/1/48) is set to all devices in the system.

device(config)# interface ethernet 1/1/2
device(config-if-e1000-1/1/2)# ip access-group 101 in
device(config-if-e1000-1/1/2)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# acl-mirror-port ethernet 2/1/48

The previous command is required even though the analyzer port is already set globally by the port mirroring command.

device(config)# interface ethernet 1/1/3
device(config-if-e1000-1/1/3)# ip access-group 101 in
device(config-if-e1000-1/1/3)# acl-mirror-port ethernet 2/1/48
device(config-if-e1000-1/1/3)# ip access-group 102 in
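
The following is an added example, not part of the vendor documentation: an offline check that applies three of the guidelines above to a draft configuration (a port may not be both monitored and mirror; remote mirroring allows one ingress and one egress analyzer port system-wide; ACL mirror targets should match that analyzer). The names `audit` and `BAD_CONFIG`, the handling of direction keywords other than `both`, and the reading that a differing `acl-mirror-port` target is an error under remote mirroring are assumptions of this example.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "device(config-if-...)# "

# Constructed sample: 1/1/24 is mirror and monitored; 1/1/3 mirrors ACL hits elsewhere.
BAD_CONFIG = """\
mirror ethernet 1/1/24
mirror ethernet 2/1/48
interface ethernet 1/1/1
 monitor ethernet 2/1/48 both
interface ethernet 1/1/3
 acl-mirror-port ethernet 1/1/24
interface ethernet 1/1/24
 monitor ethernet 2/1/48 both
"""

def audit(config_text):
    """Return a list of findings; an empty list means none of the checks fired."""
    mirrors, monitored, acl_targets = set(), set(), {}
    analyzers = {"in": set(), "out": set()}  # analyzer ports used per direction
    remote, iface = False, None
    for raw in config_text.splitlines():
        tok = PROMPT.sub("", raw.strip()).split()
        if len(tok) < 3 or tok[1] != "ethernet":
            continue
        if tok[0] == "mirror":
            mirrors.add(tok[2])
        elif tok[0] == "interface":
            iface = tok[2]
        elif tok[0] == "monitor" and iface and len(tok) >= 4:
            monitored.add(iface)
            # Assumption: direction keywords other than "both" start with in/out.
            one = "in" if tok[3].startswith("in") else "out"
            for d in (("in", "out") if tok[3] == "both" else (one,)):
                analyzers[d].add(tok[2])
            # The stack unit is the first field of unit/slot/port.
            remote |= tok[2].split("/")[0] != iface.split("/")[0]
        elif tok[0] == "acl-mirror-port" and iface:
            acl_targets[iface] = tok[2]
    findings = [f"{p}: both a monitored port and a mirror port"
                for p in sorted(mirrors & monitored)]
    if remote:  # remote mirroring: one ingress and one egress analyzer system-wide
        for d, ports in analyzers.items():
            if len(ports) > 1:
                findings.append(f"{d}: {len(ports)} analyzer ports {sorted(ports)}")
        for ifc, tgt in sorted(acl_targets.items()):
            if analyzers["in"] and tgt not in analyzers["in"]:
                findings.append(f"{ifc}: acl-mirror-port {tgt} is not the ingress analyzer")
    return findings
```

Running `audit(BAD_CONFIG)` returns two findings, while the configuration shown on this page returns none.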