Example: Configuring CLI-Based User-Specific Packet Mirroring
This example shows the configuration of a CLI-based packet mirroring session for subscribers. The mirroring session replicates all traffic associated with each user, and then sends the replicated traffic to the analyzer device.
- Enable the visibility and use of the packet mirroring CLI commands.
    host1#mirror-enable
- Create the analyzer interface and the route to the analyzer device.
  - For L2TP subscribers:
      host1(config)# interface tunnel ipsec:mirror3 transport-virtual-router default
      host1(config-if)#ip analyzer
      host1(config-if)#exit
      host1(config)#ip route 192.168.99.2 255.255.255.255 tunnel ipsec:mirror3
  - For DHCP and PPP subscribers:
      host1(config)# interface atm 4/0.1
      host1(config-if)#ip address 19.0.0.2 255.255.255.0
      host1(config-if)#ip analyzer
      host1(config-if)#exit
      host1(config)#ip route 19.0.0.2 255.255.255.255 101.101.101.2
- Configure the secure policy that forwards the mirrored traffic to the analyzer device. The classifier-group command uses the default classifier list, which is indicated by the asterisk character (*).
  - For L2TP subscribers:
      host1(config)#secure l2tp policy-list l2tp_toMirrorHQ
      host1(config-policy-list)#classifier-group *
      host1(config-policy-list-classifier-group)#mirror analyzer-ip-address 192.168.99.2 analyzer-virtual-router default analyzer-udp-port 6500 mirror-identifier 1 session-identifier 1
  - For DHCP and PPP subscribers:
      host1(config)#secure ip policy-list secure-ipv4-policy
      host1(config-policy-list)#classifier-group *
      host1(config-policy-list-classifier-group)#mirror analyzer-ip-address 19.0.0.2 analyzer-virtual-router default analyzer-udp-port 2500 mirror-identifier 1 session-identifier 1
- Configure packet mirroring for the subscriber and associate the secure policy with the user.
  - For L2TP subscribers:
      host1(config)#virtual-router lac
      host1:lac(config)#mirror username jwbooth@isptheatre.com l2tp secure-policy-list l2tp_toMirrorHQ
  - For DHCP and PPP subscribers:
      host1(config)#mirror dhcp-option-82 agent-circuit-id "x:12000004:circuit id:45" agent-remote-id "y:12000004:remote id:89" ip secure-policy-list secure-ipv4-policy
      host1(config)#mirror agent-circuit-id "x:12000001:pppoe agent circuit id:47" ip secure-policy-list secure-ipv4-policy
      host1(config)#mirror agent-remote-id hex 79:3a:02:00:00:02:3a:72:65:6d:6f:74:65:20:69:64:3a:35 ip secure-policy-list secure-ipv4-policy
  Now, when the subscriber logs in, the packet mirroring session starts and the subscriber’s replicated traffic is sent to the remote analyzer device.
- Verify the packet-mirroring configuration.
    host1# show mirror subscribers
    Subscriber ID                                          ID                Secure       Secure              Mirrored
                                                           Method            Policy Type  Policy List         Sessions
    -----------------------------------------------------  ----------------  -----------  ------------------  --------
    lac:jwbooth@isptheatre.com                             username          l2tp         l2tp_toMirrorHQ     1
    x:12000004:circuit id:45.y:12000004:remote id:89       dhcp-option-82    IP           secure-ipv4-policy  1
    x:12000001:pppoe agent circuit id:47                   agent-circuit-id  IP           secure-ipv4-policy  1
    79:3a:02:00:00:02:3a:72:65:6d:6f:74:65:20:69:64:3a:35  agent-remote-id   IP           secure-ipv4-policy  1
- Verify the configuration of the secure policy.
    host1# show secure policy-list
                             Policy Table
                             ------ -----
    Secure L2TP Policy l2tp_toMirrorHQ
       Administrative state: enable
       Reference count: 2
       Classifier control list: *
          mirror analyzer-ip-address 192.168.99.2 analyzer-virtual-router default analyzer-udp-port 6500 mirror-id 1 session-id 1
       Referenced by interface(s):
          TUNNEL l2tp:5/1/5 secure-input policy
          TUNNEL l2tp:5/1/5 secure-output policy
    Secure IP Policy secure-ipv4-policy
       Administrative state: enable
       Reference count: 6
       Classifier control list: *
          mirror analyzer-ip-address 19.0.0.2 analyzer-virtual-router default analyzer-udp-port 2500 mirror-identifier 1 session-identifier 1
       Referenced by interface(s):
          ip100.1.1.3 secure-input policy, statistics disabled, virtual-router default
          ip100.1.1.3 secure-output policy, statistics disabled, virtual-router default
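
One way to audit a mirroring configuration like the one above, as an added example that is not part of the original page or vendor code: this Python script parses the secure policy lists and mirror rules (prompts stripped) and reports rules whose policy list is undefined, of the wrong type, or sends traffic to an analyzer outside an approved set. The function names and the approved-analyzer set are assumptions made for illustration.

```python
import re

# Constructed sample: commands from this example with the CLI prompts stripped.
CONFIG = """\
secure l2tp policy-list l2tp_toMirrorHQ
classifier-group *
mirror analyzer-ip-address 192.168.99.2 analyzer-virtual-router default analyzer-udp-port 6500 mirror-identifier 1 session-identifier 1
secure ip policy-list secure-ipv4-policy
classifier-group *
mirror analyzer-ip-address 19.0.0.2 analyzer-virtual-router default analyzer-udp-port 2500 mirror-identifier 1 session-identifier 1
mirror username jwbooth@isptheatre.com l2tp secure-policy-list l2tp_toMirrorHQ
mirror agent-remote-id hex 79:3a:02:00:00:02:3a:72:65:6d:6f:74:65:20:69:64:3a:35 ip secure-policy-list secure-ipv4-policy
"""

POLICY = re.compile(r"^secure (l2tp|ip) policy-list (\S+)$")
ANALYZER = re.compile(r"^mirror analyzer-ip-address (\S+) analyzer-virtual-router (\S+) analyzer-udp-port (\d+)")
RULE = re.compile(r"^mirror (username|agent-circuit-id|agent-remote-id|dhcp-option-82) (.+) (l2tp|ip) secure-policy-list (\S+)$")

def decode_hex_id(text):
    """Render 'hex aa:bb:..' identifiers readably; non-printable bytes become \\xNN."""
    if not text.startswith("hex "):
        return text
    raw = bytes.fromhex(text[4:].replace(":", ""))
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in raw)

def audit(config, approved):
    """Return (rules, findings); approved is a set of (analyzer_ip, udp_port)."""
    policies, rules, findings, current = {}, [], [], None
    for line in (l.strip() for l in config.splitlines()):
        if m := POLICY.match(line):
            current = m.group(2)  # later mirror line belongs to this policy list
            policies[current] = {"type": m.group(1), "analyzer": None}
        elif (m := ANALYZER.match(line)) and current:
            policies[current]["analyzer"] = (m.group(1), int(m.group(3)))
        elif m := RULE.match(line):
            rules.append((m.group(1), decode_hex_id(m.group(2)), m.group(3), m.group(4)))
    for method, ident, ptype, name in rules:
        pol = policies.get(name)
        if pol is None:
            findings.append(f"{ident}: policy list {name} is not defined")
        elif pol["type"] != ptype:
            findings.append(f"{ident}: {ptype} rule uses {pol['type']} policy {name}")
        elif pol["analyzer"] not in approved:
            findings.append(f"{ident}: analyzer {pol['analyzer']} is not approved")
    return rules, findings
```

Decoding the hex agent-remote-id makes the rule readable during review, and an empty findings list means every mirror rule resolves to an approved analyzer.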