Table of Contents
Advertisement
Classifier-based mirroring policies provide greater precision when analyzing and debugging a network traffic
problem. Using multiple match criteria, you can finely select and define the classes of traffic that you want to
mirror on a traffic analyzer or IDS device.
Classifier-based mirroring configuration
1. Evaluate the types of traffic in your network and identify the traffic types that you want to mirror.
2. Create an IPv4 or IPv6 traffic class using the class command to select the packets that you want to mirror in
a session on a preconfigured local or remote destination device.
A traffic class consists of match criteria, which consist of match and ignore commands.
•
match commands define the values that header fields must contain for a packet to belong to the class and
be managed by policy actions.
•
ignore commands define the values which, if contained in header fields, exclude a packet from the policy
actions configured for the class.
The following match criteria are supported in match/ignore statements for inbound IPv4/IPv6 traffic:
•
IP source address (IPv4 and IPv6)
•
IP destination address (IPv4 and IPv6)
•
IP protocol (such as ICMP or SNMP)
•
Layer 3 IP precedence bits
•
Layer 3 DSCP codepoint
•
Layer 4 TCP/UDP application port (including TCP flags)
•
VLAN ID
Enter one or more match or ignore commands from the class configuration context to filter traffic and
determine the packets on which policy actions will be performed.
3. Create a mirroring policy to configure the session and destination device to which specified classes of inbound
traffic are sent by entering the policy mirror command from the global configuration context.
To configure the mirroring actions that you want to execute on packets that match the criteria in a specified
class, enter one or more class action mirror commands from the policy configuration context.
You can configure only one mirroring session (destination) for each class. However, you can configure the
same mirroring session for different classes.
A packet that matches the match criteria in a class is mirrored to the exit (local or remote) port that has been
previously configured for the session, where session value is 1 or a text string (if you configured the session
with a name when you entered the mirror command.)
Prerequisite: The local or remote exit port for a session must be already configured before you enter the
mirror session parameter in a class action statement:
436
NOTE: Be sure to enter match/ignore statements in the precise order in which you want their
criteria to be used to check packets.
NOTE: Be sure to enter each class and its associated mirroring actions in the precise order in
which you want packets to be checked and processed.
Aruba 2930F / 2930M Management and Configuration Guide
for ArubaOS-Switch 16.08
Advertisement
Table of Contents
Troubleshooting
