CLI-Based Packet Mirroring Sequence of Events

Figure 20 shows the sequence of events that take place during CLI-based mirroring. The tables after the figure describe the events indicated by the numbers and letters in the figure. Table 50 describes the configuration process; Table 51 describes the flow of traffic during a mirroring operation that is initiated when the user logs in; and Table 52 describes the flow of traffic when mirroring a user who is already logged in or when mirroring a static interface.

Figure 20: CLI-Based Packet Mirroring

CLI-Based Packet Mirroring

To create a CLI-based packet mirroring environment, you must complete the processes listed in Table 50.

Table 50: Setting Up the CLI-Based Packet-Mirroring Environment

Process

Description

A

The authorized individual requests packet mirroring of a user’s or interface’s traffic and configures the analyzer device to receive mirrored traffic.

B

An individual who is authorized to use the packet mirroring CLI commands configures the packet mirroring environment, including the secure policy, analyzer interface connection to the analyzer device, and the interface or trigger information.

Table 51 indicates the sequence of steps for a packet-mirroring operation that takes place when a user starts a new session.

Table 51: CLI-Based User-Specific Mirroring During Session Start

Step

Description

1

The user logs in to an E Series router, requesting authentication by AAA.

2

AAA authenticates the user, and the router starts mirroring the user’s traffic.

3

The router sends the user’s original traffic to the intended destination.

4

The router sends the mirrored traffic to the analyzer device.

5

The analyzer device provides information to the requesting individual.

Table 52 indicates the sequence of steps for a packet-mirroring operation that is configured for an interface or for a user who is already logged in.

Table 52: CLI-Based Mirroring of Currently Running Session

Step

Description

1

For user-specific mirroring, the user logs in to the E Series router; no mirroring action is configured.

2

  • CLI-based packet mirroring is configured and enabled on the router.
  • For interface-specific mirroring, the router starts mirroring all traffic for the interface.
  • For user-specific mirroring, AAA verifies that the mirrored user is already logged in, then starts mirroring all subsequent traffic to or from the user.

3

The router sends the original traffic to its intended destination.

4

The router sends mirrored traffic to the analyzer device.

5

The analyzer device provides information for the requesting individual.

Related Documentation