Restrictions
The following restrictions apply to port-mirroring
configurations:
- The interface you configure for port mirroring should
not participate in any kind of routing activity.
- The destination address you specify should not have a
route to the ultimate traffic destination. For example, if the sampled
IPv4 packets have a destination address of 10.68.9.10 and
the port-mirrored traffic is sent to 10.68.20.15 for analysis,
the device associated with the latter address should not know a route
to 10.68.9.10. Also, it should not send the sampled packets
back to the source address.
- IPv4 and IPv6 traffic is supported. For IPv6 port mirroring,
you must configure the next-hop router with an IPv6 neighbor before
mirroring the traffic, similar to an ARP request for IPv4 traffic.
All the restrictions applied to IPv4 configurations should also apply
to IPv6.
- On M120, M320, and T-series routing platforms, simultaneous
IPv4 and IPv6 port mirroring is supported. Multiple next-hop mirroring
is not supported.
- On M-series platforms other than the M120 and M320 routers,
only one family protocol (either IPv4 or IPv6) is supported at a time.
- Port mirroring supports up to 16 next hops, but there
is no next-hop group support for inet6.
- Only transit data is supported.
- You can configure multiple port-mirroring interfaces per
router.
- You must include a firewall filter with both the accept action and the port-mirror action modifier on the inbound
interface. Do not include the discard action, or port mirroring
will not work.
- If the port-mirroring interface is a non-point-to-point
interface, you must include an IP address under the port-mirroring statement to identify the other end of the link. This IP address
must be reachable for you to see the sampled traffic. If the port-mirroring
interface is an Ethernet interface, the router should have an Address
Resolution Protocol (ARP) entry for it. The following sample configuration
sets up a static ARP entry.
- You do not need to configure firewall filters on both
inbound and outbound interfaces, but at least one is necessary on
the inbound interface to provide the copies of the packets to send
to an analyzer.
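
Two of these restrictions can be checked before a change is committed: the analyzer must have no route to the mirrored destinations (a default route counts as one), and the inbound filter term must pair accept with port-mirror and never discard. The following Python check is an added example, not part of the original documentation or of any vendor tooling; the route tables, filter-term dictionaries and function names are assumptions made for the illustration, and only the two addresses come from the text above.

```python
import ipaddress

def covering_routes(routes, destination):
    """Analyzer routes that match `destination`, most specific first."""
    dst = ipaddress.ip_address(destination)
    nets = [ipaddress.ip_network(r) for r in routes]
    hits = [n for n in nets if n.version == dst.version and dst in n]
    return sorted(hits, key=lambda n: n.prefixlen, reverse=True)

def check_analyzer_routes(routes, mirrored_destinations):
    """The analyzer must not know a route to any mirrored destination."""
    problems = []
    for dst in mirrored_destinations:
        hits = covering_routes(routes, dst)
        if hits:
            problems.append(f"analyzer can reach {dst} via {hits[0]}")
    return problems

def check_filter(terms):
    """Inbound filter needs accept plus port-mirror, and never discard."""
    mirroring = [t for t in terms if "port-mirror" in t["actions"]]
    if not mirroring:
        return ["no term carries the port-mirror action modifier"]
    problems = []
    for t in mirroring:
        if "discard" in t["actions"]:
            problems.append(f"term {t['name']}: discard used with port-mirror")
        elif "accept" not in t["actions"]:
            problems.append(f"term {t['name']}: port-mirror without accept")
    return problems

# Constructed sample data. The two addresses are the ones used in the text;
# the route tables and filter terms are made up for the example.
MIRRORED_DESTINATIONS = ["10.68.9.10"]
ANALYZER_ROUTES_BAD = ["10.68.20.0/24", "0.0.0.0/0"]   # default route matches
ANALYZER_ROUTES_OK = ["10.68.20.0/24"]                 # connected subnet only
FILTER_BAD = [{"name": "t1", "actions": {"port-mirror", "discard"}}]
FILTER_OK = [{"name": "t1", "actions": {"port-mirror", "accept"}}]

if __name__ == "__main__":
    for label, routes, terms in (("bad", ANALYZER_ROUTES_BAD, FILTER_BAD),
                                 ("ok", ANALYZER_ROUTES_OK, FILTER_OK)):
        found = check_analyzer_routes(routes, MIRRORED_DESTINATIONS) + check_filter(terms)
        print(label, found or "no violations")
```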