Table of contents
Port mirroring configuration
Features:
Users can use the function provided by port mirroring (SPAN) to copy the packets of the specified port to another port on the router connected to the network monitoring device for network monitoring and troubleshooting.
All incoming and outgoing packets from source ports can be monitored through SPAN. For example, in the figure below, all packets on port 5 are mapped to port 10. Although the network analyzer connected to port 10 is not directly connected to port 5, it can receive all packets on port 5.
1. Precautions
1. Currently, only the Layer 2 interfaces of RSR10-02E, RSR20-04E, RSR20-14E, RSR20-14F, RSR10-X-07, RSR20-X-28 and RSR20-X-52 support the port mirroring function;
2. A port mirroring session only supports configuring one destination port, and the source and destination ports cannot be the same port;
3. Different port mirroring sessions will not affect each other, and only interfaces in the same session can mirror data;
3. If the device that supports this function does not have the port mirroring command, please log in to Ruijie official website - service and support - software download, and download the latest software version upgrade for the corresponding device model.
2. Explanation of terms
1. SPAN session
A SPAN session mirrors the data flow between the source port and the destination port, and can monitor the input, output, and bidirectional packets of a single or multiple ports. After a port joins a SPAN session, it does not affect the normal operation of the router.
Users can configure a SPAN session on a closed port, but the SPAN session is inactive, and the SPAN session will become active only after the related port is opened. In addition, the SPAN session does not take effect immediately after the router is powered on, and the SPAN session is not active until the destination port is in the operational state. Users can view the operation status of SPAN sessions through the show monitor [session session_num] command.
2. Data flow direction
A SPAN session consists of data flow in the following three directions:
Input data stream:
All packets received on the source port will be copied to the destination port. In a SPAN session, users can monitor the incoming packets of one or more source ports. Due to some reasons (such as port security), the packet input from the source port may be discarded, but this does not affect the SPAN function, and the packet will still be mirrored to the destination port.
Output data stream:
All packets sent from the source port will be copied to the destination port. In a SPAN session, the user can monitor the output packets of one or more source ports. If due to some reasons, the packets sent from other ports to the source port may be discarded, similarly, the packets will not be sent to the destination port. The format of the packet output from the source port may change due to some reasons. For example, the packet output by the source port after routing, the source MAC, destination MAC, VLAN ID and TTL of the packet change. The format of the message will also change.
Bi-directional data flow:
Including the two data streams mentioned above. In a SPAN session, the user can monitor the data flow in the input and output directions of one or more source ports.
3. Configuration steps
Ruijie>enable
Ruijie(config)#monitor session 1 source interface fastEthernet 1/1 both --->The port mirroring session is 1, the specified source port is fastEthernet 1/1, and the mirrored data flow direction is bidirectional both. In addition to the both parameters, there are input data stream rx and output data stream tx.
Ruijie(config)#monitor session 1 destination interface fastEthernet 1/2 ---> port mirroring session is 1, and the designated destination port is fastEthernet 1/2. If the terminal of this interface also needs to access the network in the forward direction, then add a " switch " at the end of the command , which is monitor session 1 destination interface fastEthernet 1/2 switch.
Ruijie(config)#end
Ruijie#write --->Save configuration
4. Configuration verification
View the interface configuration through show monitor session 1
Ruijie#show monitor session 1
sess-num: 1
span-type: LOCAL_SPAN
src-intf:
FastEthernet 1/1 frame-type Both
dest-intf:
FastEthernet 1/2