Port Monitor

Introduction

Port monitoring or mirroring, is the act of observing traffic on a specified source port, or multiple source ports, and duplicating the traffic to another provided destination port.

For an example use-case, refer to the following:

Overview

It is possible to configure multiple different monitor instances that can be active at the same time. Each monitor instance can have one specified destination, and multiple different sources.

Sources

A source port, or a monitored port, is a port that will have its traffic copied/mirrored to a provided destination port. The following is relevant for monitor source ports:

  • A source port cannot be configured as a destination port at the same time, in any monitor instance.
  • It can only be specified as a source for one monitor instance at a time.
  • Each individual source port can have its monitoring direction (ingress, egress, both) specified.
  • A source port can be any physical ethernet interface on the device.

Destinations

A destination port, or a monitor port, is the port where all traffic will be received from the defined sources. The following is relevant for a destination port:

  • Each monitor instance can have one destination specified.
  • A single destination port can be used in multiple different monitor instances.
  • A destination cannot also be a source, in any monitor instance.
  • A destination port can be any physical ethernet interface on the device.

Configuration

Monitor instances can be created from the top-level configuration context in the CLI. Notice the requirement for an identifier argument.

example:/#> configure
example:/config/#> monitor 1
example:/config/monitor-1/#>

The identifier can be either a number or a name:

example:/config/#> monitor debug
example:/config/monitor-debug/#>

Syntax

[no] enable

Enable/Disable port monitoring.

no
Disable.
[no] destination PORT

Set monitor destination.

no
TEMP
PORT
The destination port to be used for the monitor instance.
[no] source port PORT[,PORT ...] | PORT..PORT [ingress] [egress]

Set the monitoring source(s). If not specified, direction will be set to both ingress and egress.

no
TEMP
PORT
The source port(s) to be used for the monitor instance.
ingress
Capture traffic that ingresses on the source(s).
egress
Capture traffic that egresses on the source(s).

Status

The current configured port monitor instances can be observed in the following manner.

example:/#> show monitor
Instance: 1                                                                    
Source(s)      : eth1 inbound | outbound
Destination(s) : eth2

Instance: debug
Source(s)      : eth5 inbound | outbound
Destination(s) : eth7