Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Port, VLAN, and Flow Mirroring Overview

    Mirroring and analyzers enable you to mirror a copy of a packet to a configured destination, in addition to the normal processing and forwarding of the packet. Mirroring enables you to mirror a copy of a packet and an analyzer helps in mirroring a packet based on VLANs. Mirroring and analyzers are useful for debugging network problems and to prevent attacks on a network.

    Mirroring as a functionality has two components:

    • Source—This is the source port or VLAN (based on bridge domain) from where the packets are mirrored.
    • Destination—This is the destination port or VLAN (based on bridge domain) to which the mirrored packets are sent.

    Note: The ACX5000 line of routers supports egress mirroring (mirroring of packets going out through an egress port) only for port-based mirroring.

    The ACX5000 line of routers supports the following mirroring modes:

    • Port mirroring—Support for both ingress and egress based port mirroring using analyzer where input to mirror is through a list of ports configured through logical interface. You need to include the analyzer CLI statement at the [edit forwarding-options] hierarchy level
    • VLAN mirroring—In this mode, packets entering a VLAN (based on bridge domain) are mirrored. You need to include the analyzer CLI statement at the [edit forwarding-options] hierarchy level, where input to a mirror is a VLAN (based on bridge domain).
    • Flow mirroring—In this mode, input parameters for mirroring are specified through a firewall filter. You need to include the port-mirror CLI statement at the [edit forwarding-options] hierarchy level. The ACX5000 line of routers supports only family ethernet-switching and family inet configurations. If the input is family ethernet-switching, then output must also be family ethernet-switching. If input is family inet, then the output must also be family inet with output option as IP address. If you configure flow-based mirroring without any firewall filter match conditions, then mirroring is based on logical interface. The ACX5000 line of routers do not support IPv6, CCC, MPLS, and VPLS family options under the [edit forwarding-options port-mirroring] hierarchy level.

    Note:

    • In flow-based mirroring, firewall filters can be configured on a logical interface as well as on a physical interface.
    • If the vlan-id option for a VLAN (bridge domain) is not configured, or if the vlan-id option is configured as none, then the mirrored packet is sent as is without any additional VLAN tags.

    Modified: 2018-03-08