Mirroring in a Campus Fabric domain

In a Campus Fabric domain, you can mirror ports in an ICX 7450 PE unit, an ICX 7250 PE unit, or an ICX 7750 CB unit. Campus Fabric supports port mirroring, VLAN mirroring, and ACL mirroring with a mirror clause.

Campus Fabric mirroring limitations

  • Only one mirror port can be configured on a PE unit for port mirroring.
  • When an SPX LAG is mirrored, all traffic is monitored. It is not possible to limit monitoring to an individual LAG port.
  • Due to a hardware limitation, a PE mirror port cannot mirror egress flooding, for example, from broadcast, unknown unicast, or multicast traffic.
  • A VLAN must have at least one port member configured before monitoring can be configured.
  • All incoming traffic (tagged and untagged) in the VLAN is mirrored. Mirroring is not affected by the configuration of the mirror port itself.

Supported Campus Fabric mirroring scenarios

The following mirroring scenarios are possible in a Campus Fabric domain :
  • Mirroring a port on any CB unit, monitoring from any CB port on any CB unit
  • Mirroring a CB port, monitoring from a PE port (supported for port-based mirroring; not supported for ACL mirroring)
    NOTE
    If you are monitoring a CB port from a PE port, the monitoring port is configured as a virtual PE port on the CB, and traffic is transmitted to and from the virtual port with an E-tag addressed to the port. Packets are copied out to the mirroring port with the E-tag intact. As a result, the monitoring device receive packets containing the E-tag.
  • Mirroring a port on a PE unit, monitoring from another port on the same PE unit
  • Mirroring of a CB port, monitoring from a PE port when VLAN mirroring is enabled.

Unsupported Campus Fabric mirroring configurations

The following scenarios are not supported in a Campus Fabric domain:
  • Mirroring a port on one PE unit, monitoring a port from a different PE unit
    NOTE

    If the CB determines the mirror port is configured on a PE port, and the monitoring port is on a different PE, the system blocks the configuration and displays a warning similar to the following message:

    Mirror port 17/1/1 and monitor port 18/1/2 are not on the same PE. Either move mirror port to a CB port, or change mirror and monitor port to the same PE.

  • With ACL mirroring, PE to CB or CB to PE monitoring
  • With VLAN mirroring, PE cannot be used as a mirror port.
  • Monitoring an individual SPX LAG member
    NOTE
    When you monitor a LAG port on a PE, configure the primary LAG port as the monitor port, and all LAG traffic is monitored. If you try to configure another individual port in the LAG, the system returns an error. Use the show lag command to determine the primary port of a LAG.

Sample configuration for Campus Fabric mirroring

The following example configures port 1/1/7 on the CB as a mirror port that monitors inbound traffic on PE port 17/1/1. 

device# configure terminal
device(config)# mirror-port ethernet 1/1/17
device(config)# interface ethernet 17/1/1
device(config-if-pe-e1000-17/1/1)# monitor ethernet 1/1/17 in

Displaying Campus Fabric mirroring information

The show mirror command can be used to display information on mirroring activity for the device. The following example displays information on mirroring on CB units 1 and 2. PE units 17 and 18 are being monitored. 
device# show mirror
Mirror port 1/1/17
  Input monitoring      : (U17/M1)   1   2   3  11
  Input monitoring      : (U17/M2)   1
  Output monitoring     : (U17/M1)   1   2   3  11
  Output monitoring     : (U17/M2)   1
Mirror port 2/1/20
  Input monitoring      : (U17/M1)  10
  Input monitoring      : (U18/M1)   1
  Output monitoring     : (U17/M1)  10
  Output monitoring     : (U18/M1)   1
Parent topic: Port Mirroring and Monitoring