FastIron Configuration Guide
53-1002494-02
Port mirroring and monitoring configuration
• The same port can be monitored by one mirror port for ingress traffic and another mirror port
for egress traffic.
• The mirror port cannot be a trunk port.
• The monitored port and its mirror port do not need to belong to the same port-based VLAN:
- If the mirror port is in a different VLAN from the monitored port, the packets are tagged
with the monitor port VLAN ID. This does not apply if the mirror port resides on the
SX-FI48GPP module. In this case, mirrored packets are not tagged with a monitor port
VLAN ID.
- If the mirror port is in the same VLAN as the monitored port, the packets are tagged or
untagged, depending on the mirror port configuration.
• More than one monitored port can be assigned to the same mirror port.
• If the primary interface of a trunk is enabled for monitoring, the entire trunk is monitored. You
can also enable an individual trunk port for monitoring using the config-trunk-ind command.
• With FastIron X Series IPv4 hardware, the following port mirroring functions may not work
across modules when only one switch fabric is present in the system:
- Input mirroring
- Output mirroring
- Both input mirroring and output mirroring
Additional factors that can affect cross-module port mirroring include:
- Switch fabric slot configuration (SF1 or SF2)
- Interface modules configured for port mirroring
• For stacked devices, if the ingress and egress analyzer ports are always network ports on the
local device, each device may configure the ingress and egress analyzer port independently.
However, if you need to mirror to a remote port, then only one ingress and one egress analyzer
port are supported for the entire system.
• For ingress ACL mirroring, the ingress rule for stacked devices also applies. The analyzer port
setting command acl-mirror-port must be specified for each port, even though the hardware
only supports one port per device. This applies whether the analyzer port is on the local device
or on a remote device. For example, when port mirroring is set to a remote device, any
mirroring-enabled ports (ACL, MAC address filter, or VLAN) are set globally to a
single analyzer port, as shown in the following example.
Brocade(config)# mirror ethernet 1/1/24
Brocade(config)# mirror ethernet 2/1/48
Brocade(config)# interface ethernet 1/1/1
Brocade(config-if-e1000-1/1/1)# monitor ethernet 2/1/48 both
The analyzer port (2/1/48) is set to all devices in the system.
Brocade(config)# interface ethernet 1/1/2
Brocade(config-if-e1000-1/1/2)# ip access-group 101 in
Brocade(config-if-e1000-1/1/2)# interface ethernet 1/1/1
Brocade(config-if-e1000-1/1/1)# acl-mirror-port ethernet 2/1/48
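The following Python check is an added example, not part of the Brocade guide. It audits stack configuration commands against two of the rules above: every analyzer port in use must be declared with mirror ethernet, and once any monitored port mirrors to a port on another stack unit, only one ingress and one egress analyzer port may be in use system-wide. Assumptions: the function name audit_mirroring is hypothetical, direction keywords other than both are assumed, and "remote" is inferred by comparing the stack-unit number of the monitored port and the analyzer port.

```python
import re

# Commands copied from the stacked example on this page (prompts included).
PAGE_EXAMPLE = """\
Brocade(config)# mirror ethernet 1/1/24
Brocade(config)# mirror ethernet 2/1/48
Brocade(config)# interface ethernet 1/1/1
Brocade(config-if-e1000-1/1/1)# monitor ethernet 2/1/48 both
Brocade(config)# interface ethernet 1/1/2
Brocade(config-if-e1000-1/1/2)# ip access-group 101 in
Brocade(config-if-e1000-1/1/2)# interface ethernet 1/1/1
Brocade(config-if-e1000-1/1/1)# acl-mirror-port ethernet 2/1/48
"""
# Constructed violation: a second analyzer port in use while mirroring is remote.
CONFLICT = PAGE_EXAMPLE + "interface ethernet 1/1/3\nmonitor ethernet 1/1/24 both\n"

# Keywords other than "both" are an assumption; the page shows only "both".
INGRESS = {"both", "in", "input", "acl"}   # "acl" marks acl-mirror-port (ingress)
EGRESS = {"both", "out", "output"}

def audit_mirroring(config):
    """Return findings for analyzer-port use in a stack (unit/slot/port naming)."""
    mirrors, uses, iface = set(), [], None   # uses: (monitored, analyzer, direction)
    for raw in config.splitlines():
        words = re.sub(r"^\S+#\s*", "", raw.strip()).split()   # drop CLI prompt
        if len(words) < 3 or words[1] != "ethernet":
            continue
        cmd, port = words[0], words[2]
        if cmd == "mirror":
            mirrors.add(port)
        elif cmd == "interface":
            iface = port
        elif cmd == "monitor" and iface:
            uses.append((iface, port, words[3] if len(words) > 3 else ""))
        elif cmd == "acl-mirror-port" and iface:
            uses.append((iface, port, "acl"))
    findings = [f"{m}: analyzer {a} has no 'mirror ethernet' line"
                for m, a, _ in uses if a not in mirrors]
    # Remote = monitored port and analyzer port sit on different stack units.
    if any(m.split("/")[0] != a.split("/")[0] for m, a, _ in uses):
        for name, kinds in (("ingress", INGRESS), ("egress", EGRESS)):
            ports = sorted({a for _, a, d in uses if d in kinds})
            if len(ports) > 1:
                findings.append(f"remote mirroring uses {len(ports)} {name} "
                                f"analyzer ports: {', '.join(ports)}")
    return findings

if __name__ == "__main__":
    for text in (PAGE_EXAMPLE, CONFLICT):
        print(audit_mirroring(text) or "no findings")
```

The page's own example produces no findings because only 2/1/48 is actually used as an analyzer; declaring 1/1/24 with mirror ethernet is not flagged until a port monitors to it.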