CLI-Based IP Interface Mirroring
When you mirror a specific IP interface, all ingress and egress traffic on the interface (traffic entering or exiting the E-series router through that interface) is replicated. The original traffic is forwarded to its intended destination as usual, while the mirrored copy of the traffic is forwarded to an analyzer port on the E-series router. The analyzer port then directs the mirrored traffic to the specified mediation device (the analyzer) for analysis.
The interface mirroring operation is transparent to the user whose traffic is being mirrored. Configuration information and statistics can be viewed by any user on the E-series router by default; however, an administrator can move this monitoring capability to a higher privilege level.
Figure 31 shows the traffic flow for ingress and egress IP interface mirroring.
Configuring CLI-Based IP Interface Mirroring
This example configures an IP interface-mirroring environment that replicates all traffic on interface ATM 3/0.1 and forwards the replicated traffic to the analyzer port at interface FastEthernet 4/0.
The analyzer port must exist when you use the ip mirror command. Otherwise, you will receive the error message "ip interface is not an analyzer port," and the command will fail.
- Create the analyzer port at FastEthernet interface 4/0:
- Enable mirroring on interface ATM 3/0.1:
- Verify your interface mirroring configuration:
host1(config)#interface fastEthernet 4/0
host1(config-if)#ip analyzer
host1(config)#ip mirror atm 3/0.1 fastEthernet 4/0 next-hop 192.168.1.2
Proceed with the mirroring of all ip traffic at the specified interface? [confirm] y
host1#show ip mirror interface atm 3/0.1
Interface Analyzer Port Analyzer next-hop
------------------------- ------------------------- -------------------
ATM3/0.1 FastEthernet4/0 192.168.1.2
Commands and Guidelines
This section lists the commands you use to configure CLI-based IP interface mirroring.
ip analyzer
- Use to configure an interface as an analyzer port.
- You can configure the interface as the virtual router's default analyzer port; it will then be used when an analyzer port is not explicitly specified in the ip mirror command. Multiaccess interfaces, such as IP over Ethernet, cannot be configured as default analyzer ports.
- Any type of IP interface on the E-series router can be configured as an analyzer port, except for special interfaces such as SRP interfaces, null interfaces, and loopback interfaces.
- An interface cannot be both an analyzer port and a mirrored interface at the same time.
- A single analyzer port can support multiple mirrored interfaces.
- The receive side of the analyzer ports is disabled. All traffic attempting to access the router through an analyzer port is dropped.
- Analyzer ports drop all nonmirrored traffic.
- Policies are not supported. When you configure an analyzer port, existing policies are disabled, and no new policies are accepted.
- Example
host1(config-if)#ip analyzer default
ip mirror
- Use to enable mirroring on the specified interface and to direct the mirrored traffic to the analyzer port.
- Any type of IP interface on the E-series router can be configured as a mirrored interface, except for special interfaces such as SRP interfaces, null interfaces, and loopback interfaces.
- An interface cannot be both an analyzer port and a mirrored interface at the same time.
- If you do not specify an analyzer port when using the ip mirror command, the mirrored traffic is forwarded to the virtual router's default analyzer port. The command will fail if a default analyzer port is not configured.
- An interface can be mirrored to only one analyzer port at a time.
- If the analyzer port is a shared medium (e.g., Ethernet), you must specify the next-hop address to the remote mediation device.
- Example
host1(config)#ip mirror atm 3/0.2 fastethernet 2/0 next-hop 192.168.1.2
host1(config)#ip mirror atm 3/0.2 tunnel gre:analyzer1