Configuration Guide User guide
940 FastIron Configuration Guide
53-1002494-02
VLAN-based mirroring
• sFlow can be enabled concurrently with VLAN-based mirroring and port mirroring.
• VLAN-based mirroring is supported on the default VLAN. If the default VLAN is changed
dynamically, the configuration is not lost.
• VLAN-based mirroring on VLAN groups is not supported, but it is supported on topology groups.
• In the case of enabling VLAN-based monitoring on the interface modules in an MCT-enabled
chassis, the VLAN configuration is not synced across the cluster. Each chassis in the cluster is
configured independently for VLAN configuration.
One of the concerns about VLAN-based mirroring is the effects of ingress and egress ACLs, as well
as rate shaping and rate limiting, on mirrored packets:
• Ingress VLAN-based mirroring: Any packets that are coming in from the network on the VLAN
should be mirrored out. Any ingress ACL actions or rate limiting actions do not take precedence
in this case.
• Egress VLAN-based mirroring: Any packets that are sent out onto the network are not affected
by egress ACLs or rate shaping.
Refer to Table 160 for a summary of the effects of ACLs and rate limiting.
Tagged versus untagged ports in VLANs
Table 161 describes how VLAN-based mirroring coexists with port mirroring, assuming a VLAN
consisting of one ingress and one egress port.
Table 161 can be summarized into the following two rules, assuming that VLAN-based mirroring
and port mirrroring are operating concurrently.
• If the VLAN is ingress monitored, and ports belonging to the VLAN are also ingress monitored,
the ingress traffic is only mirrored once and there are no duplicated mirrored packets.
TABLE 160 ACL and rate limiting effects
ACL profile Ingress result Egress result
Ingress ACL on port Packets ingress mirrored at expected (sent)
rate
Packets egress mirrored at expected
(sent) rate
Egress ACL on port Packets ingress mirrored at expected (sent)
rate
Packets egress mirrored at expected
(sent) rate
Ingress rate limiting on
port
Packets ingress mirrored at expected (sent)
rate
Packets egress mirrored at the
limited rate
Egress rate shaping on
port
Packets ingress mirrored at expected (sent)
rate
Packets egress mirrored at expected
(sent) rate
TABLE 161 VLAN-based mirroring and port mirroring effects
Packets sent VLAN-based
mirroring direction
Which port in VLAN is
monitored
Ingress mirror traffic
count expectation
Egress mirror traffic
count expectation
10000 Ingress Ingress ~10000 ~0
10000 Egress Egress ~0 ~20000
10000 Ingress Egress ~10000 ~10000
10000 Egress Ingress ~10000 ~10000