Mirroring entire VLAN

Many people would like to implement a network management controller in order to prevent virus attacks or control traffic in their local network. Many appliances monitor user traffic behaviour by using port mirroring (for example SPAN) or IPFIX (aka NetFlow). For monitoring or tracing, the Nortel ERS8600 with R and RS modules provides a new ACL concept that can be combined with port mirroring to mirror the traffic of a VLAN to a single port.

The example topology below shows port mirroring for a VLAN. I would like to create a port mirror that monitors traffic from VLAN 2 with destination port 80.

[Figure: Drawing1, example VLAN mirroring topology]

1. Create ACT 1:

ERS-8606:5#config filter act 1 create
ERS-8606:5#config filter act 1 protocol tcpDstPort
ERS-8606:5#config filter act 1 apply

2. Create ACL 1 with type ingress VLAN and associate it with VLAN 2:

ERS-8606:5#config filter acl 1 create inVlan act 1
ERS-8606:5#config filter acl 1 vlan add 2

3. Create ACE 1 with a permit action that matches TCP traffic with destination port 80:

ERS-8606:5#config filter acl 1 ace 1 create
ERS-8606:5#config filter acl 1 ace 1 action permit
ERS-8606:5#config filter acl 1 ace 1 protocol tcp-dst-port eq 80
ERS-8606:5#config filter acl 1 ace 1 enable

4. Enable debug mirroring on the ACE with mirroring destination port 3/30:

ERS-8606:5#config filter acl 1 ace 1 debug mirror enable mirroring-dst-ports 3/30


There are two requirements for VLAN mirroring. First, the software release must be 5.0 or later. Second, the I/O modules must be R or RS series.
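Once the mirror is in place, it is worth capturing on the monitoring port and confirming that only the intended traffic (VLAN 2, TCP destination port 80) arrives; anything else means the ACE is not filtering as expected. The script below is an added example (my own code, not part of the original post or any Nortel tooling): it parses a classic pcap and reports packets outside that policy, assuming the mirror destination preserves the 802.1Q tag while tolerating untagged frames, since some setups strip the tag. The sample capture is constructed inside the script rather than taken from a real switch.

```python
import struct

# Policy from the ERS8600 configuration above: ACL bound to VLAN 2,
# ACE matching TCP destination port 80, mirrored to port 3/30.
EXPECTED_VLAN, EXPECTED_DPORT = 2, 80

def build_frame(vlan, dport, proto=6):
    """Constructed 802.1Q-tagged IPv4/TCP frame (sample data, not a real capture)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
    tag = struct.pack("!HH", 0x8100, vlan & 0x0FFF)          # TPID + TCI (VID only)
    l4 = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 2, 10]), bytes([10, 0, 2, 20]))
    return eth + tag + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap container (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Yield (vlan, ip_proto, tcp_dport) per record; None where a field is absent."""
    pos = 24                                                  # skip global header
    while pos + 16 <= len(data):
        _, _, caplen, _ = struct.unpack_from("<IIII", data, pos)
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        etype, off, vlan = struct.unpack_from("!H", frame, 12)[0], 14, None
        if etype == 0x8100:                                   # 802.1Q tag present
            vlan = struct.unpack_from("!H", frame, 14)[0] & 0x0FFF
            etype, off = struct.unpack_from("!H", frame, 16)[0], 18
        if etype != 0x0800:                                   # not IPv4
            yield vlan, None, None
            continue
        ihl = (frame[off] & 0x0F) * 4
        proto = frame[off + 9]
        dport = struct.unpack_from("!H", frame, off + ihl + 2)[0] if proto == 6 else None
        yield vlan, proto, dport

def unexpected_packets(pcap_bytes):
    """Records the VLAN 2 / TCP-80 policy should never have mirrored.
    An untagged frame (vlan None) is tolerated because some mirror setups strip the tag."""
    return [r for r in parse_pcap(pcap_bytes)
            if r[1] != 6 or r[2] != EXPECTED_DPORT
            or (r[0] is not None and r[0] != EXPECTED_VLAN)]

# Constructed sample: one conforming packet, one wrong port, one wrong VLAN.
SAMPLE = build_pcap([build_frame(2, 80), build_frame(2, 443), build_frame(3, 80)])
```

Run `unexpected_packets(open("mirror.pcap", "rb").read())` against a capture taken on port 3/30; an empty list means the mirror delivered only the traffic the ACE was written for.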
