[no] mirror-source service-id
debug
Supported on all 7210 SAS platforms as described in this document
This command configures mirror source parameters for a mirrored service.
The mirror-source command is used to enable mirroring of packets specified by the association of the mirror-source to sources of packets defined within the context of the mirror-dest-service-id. The mirror destination service must already exist within the system.
A mirrored packet cannot be mirrored to multiple destinations. If a mirrored packet is correctly referenced by multiple mirror sources (for example, a SAP on one mirror-source and a port on another mirror-source), the packet is mirrored to a single mirror-dest-service-id based on the following hierarchy:
Filter entry
Service access port (SAP)
Physical port
The hierarchy is structured so the most specific match criteria has precedence over a less specific match. For example, if a mirror-source defines a port and a SAP on that port, the SAP mirror-source is accepted and the mirror-source for the port is ignored because of the hierarchical order of precedence.
The mirror-source configuration is not saved when a configuration is saved. A mirror-source manually configured within an ASCII configuration file is not preserved if that file is overwritten by a save command. Define the mirror-source within a file associated with a config exec command to make a mirror-source persistent between system reboots.
By default, all mirror-dest service IDs have a mirror-source associated with them. The mirror-source is not technically created with this command. Instead the service ID provides a contextual node for storing the current mirroring sources for the associated mirror-dest service ID. The mirror-source is created for the mirror service when the operator enters the debug>mirror-source svcId for the first time. The mirror-source is also automatically removed when the mirror-dest service ID is deleted from the system.
The no form of this command deletes all related source commands within the context of the mirror-source service-id. The command does not remove the service ID from the system.
Specifies the mirror destination service ID for which match criteria is defined. The service-id must already exist within the system.
ip-filter ip-filter-id entry entry-id [entry-id …]
no ip-filter ip-filter-id entry entry-id
debug>mirror-source
Supported on all 7210 SAS platforms as described in this document
This command enables mirroring of packets that match specific entries in an existing IP filter.
The ip-filter command directs packets which match the defined list of entry IDs to be mirrored to the mirror destination referenced by the mirror-dest-service-id of the mirror-source.
The IP filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the IP filter does not exist, an error occurs. If the filter exists but has not been associated with a SAP or IP interface, an error is not generated but mirroring is not enabled (there are no packets to mirror). When the IP filter is defined to a SAP or IP interface, mirroring is enabled.
If the IP filter is defined as ingress, only ingress packets are mirrored. Ingress mirrored packets are mirrored to the mirror destination before any ingress packet modifications.
If the IP filter is defined as egress, only egress packets are mirrored. Egress mirrored packets are mirrored to the mirror destination after all egress packet modifications.
An entry-id within an IP filter can only be mirrored to a single mirror destination. If the same entry-id is defined multiple times, an error occurs and only the first mirror-source definition is in effect.
By default, no packets matching any IP filters are mirrored. Mirroring of IP filter entries must be explicitly defined.
The no ip-filter command, without the entry keyword, removes mirroring on all entry-id’s within the ip-filter-id.
The no command executed with the entry keyword and one or more entry-id’s, terminates mirroring of that list of entry-ids within the ip-filter-id. If an entry-id is listed that does not exist, an error occurs and the command does not execute. If an entry-id is listed that is not currently being mirrored, no error occurs for that entry-id and the command executes.
Specifies the IP filter ID whose entries are mirrored. If the ip-filter-id does not exist, an error occurs and the command does not execute. Mirroring of packets commences when the ip-filter-id is defined on a SAP or IP interface.
Specifies the IP filter entries to use as match criteria for packet mirroring. The entry keyword begins a list of entry-ids for mirroring. Multiple entry-id entries may be specified with a single command. Each entry-id must be separated by a space.
If an entry-id does not exist within the IP filter, an error occurs and the command does not execute.
If the filter’s entry-id is renumbered within the IP filter definition, the old entry-id is removed but the new entry-id must be manually added to the configuration to include the new (renumbered) entry’s criteria.
ipv6-filter ip-filter-id entry entry-id [entry-id …]
no ipv6-filter ip-filter-id entry entry-id
debug>mirror-source
Supported on all 7210 SAS platforms as described in this document
This command enables mirroring of packets that match specific entries in an existing IPv6 filter.
The ipv6-filter command directs packets which match the defined list of entry IDs to be mirrored to the mirror destination referenced by the mirror-dest-service-id of the mirror-source.
The IPv6 filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the IPv6 filter does not exist, an error occurs. If the filter exists but has not been associated with a SAP or IP interface, an error is not generated but mirroring is not enabled (there are no packets to mirror). When the IPv6 filter is defined to a SAP or IP interface, mirroring is enabled.
If the IPv6 filter is defined as ingress, only ingress packets are mirrored. Ingress mirrored packets are mirrored to the mirror destination before any ingress packet modifications.
If the IPv6 filter is defined as egress, only egress packets are mirrored. Egress mirrored packets are mirrored to the mirror destination after all egress packet modifications.
An entry-id within an IPv6 filter can only be mirrored to a single mirror destination. If the same entry-id is defined multiple times, an error occurs and only the first mirror-source definition is in effect.
By default, no packets matching any IPv6 filters are mirrored. Mirroring of IPv6 filter entries must be explicitly defined.
The no ipv6-filter command, without the entry keyword, removes mirroring on all entry-ids within the ipv6-filter-id.
When the no command is executed with the entry keyword and one or more entry-ids, mirroring of that list of entry-ids is terminated within the ipv6-filter-id. If an entry-id is listed that does not exist, an error occurs and the command does not execute. If an entry-id is listed that is not currently being mirrored, no error occurs for that entry-id and the command executes.
The IPv6 filter ID whose entries are mirrored. If the ipv6-filter-id does not exist, an error occurs and the command does not execute. Mirroring of packets commences when the ipv6-filter-id is defined on a SAP or IP interface.
Specifies the IPv6 filter entries to use as match criteria for packet mirroring. The entry keyword begins a list of entry-ids for mirroring. Multiple entry-id entries may be specified with a single command. Each entry-id must be separated by a space.
If an entry-id does not exist within the IPv6 filter, an error occurs and the command does not execute.
If the filter’s entry-id is renumbered within the IPv6 filter definition, the old entry-id is removed but the new entry-id must be manually added to the configuration to include the new (renumbered) entry’s criteria.
mac-filter mac-filter-id entry entry-id [entry-id …]
no mac-filter mac-filter-id
no mac-filter mac-filter-id entry entry-id [entry-id …]
debug>mirror-source
Supported on all 7210 SAS platforms as described in this document
This command enables mirroring of packets that match specific entries in an existing MAC filter.
The mac-filter command directs packets which match the defined list of entry IDs to be mirrored to the mirror destination referenced by the mirror-dest-service-id of the mirror-source.
The MAC filter must already exist in order for the command to execute. Filters are configured in the config>filter context. If the MAC filter does not exist, an error occurs. If the filter exists but has not been associated with a SAP or IP interface, an error is not generated but mirroring is not enabled (there are no packets to mirror). When the filter is defined to a SAP or MAC interface, mirroring is enabled.
If the MAC filter is defined as ingress, only ingress packets are mirrored. Ingress mirrored packets are mirrored to the mirror destination before any ingress packet modifications.
The no mac-filter command, without the entry keyword, removes mirroring on all entry-ids within the mac-filter-id.
When the no command is executed with the entry keyword and one or more entry-ids, mirroring of that list of entry-id’s is terminated within the mac-filter-id. If an entry-id is listed that does not exist, an error occurs and the command does not execute. If an entry-id is listed that is not currently being mirrored, no error occurs for that entry-id and the command executes.
Specifies the MAC filter ID whose entries are mirrored. If the mac-filter-id does not exist, an error occurs and the command does not execute. Mirroring of packets commences when the mac-filter-id is defined on a SAP.
Specifies the MAC filter entries to use as match criteria for packet mirroring. The entry keyword begins a list of entry-id’s for mirroring. Multiple entry-id entries may be specified with a single command. Each entry-id must be separated by a space. Up to 8 entry IDs may be specified in a single command.
Each entry-id must exist within the mac-filter-id. If the entry-id is renumbered within the MAC filter definition, the old entry-id is removed from the list and the new entry-id needs to be manually added to the list if mirroring is still wanted.
If no entry-id entries are specified in the command, mirroring does not occur for that MAC filter ID. The command has no effect.
port {port-id | lag lag-id} {[egress] [ingress]}
no port {port-id | lag lag-id} [egress] [ingress]
debug>mirror-source
Supported on all 7210 SAS platforms as described in this document
This command enables mirroring of traffic ingressing or egressing a port (Ethernet port, or Link Aggregation Group (LAG)).
The port command associates a port or LAG to a mirror source. The port is identified by the port-id. The defined port may be Ethernet, access or access uplink. access. A port may be a single port or a Link Aggregation Group (LAG) ID. When a LAG ID is specified as the port-id, mirroring is enabled on all ports making up the LAG. Either a LAG port member or the LAG port can be mirrored.
The port is only referenced in the mirror source for mirroring purposes. If the port is removed from the system, the mirroring association is removed from the mirror source.
The same port may not be associated with multiple mirror source definitions with the ingress parameter defined. The same port may not be associated with multiple mirror source definitions with the egress parameter defined.
If a SAP is mirrored on an access port, the SAP mirroring has precedence over the access port mirroring when a packet matches the SAP mirroring criteria. Filter and label mirroring destinations have precedence over a port-mirroring destination.
If the port is not associated with a mirror-source, packets on that port are not mirrored. Mirroring may still be defined for a SAP or filter entry, which mirrors based on a more specific criteria.
The no form of this command disables port mirroring for the specified port. Mirroring of packets on the port may continue because of more specific mirror criteria. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition are removed.
Specifies the port ID.
Specifies the LAG identifier, expressed as a decimal integer.
Specifies that packets egressing the port should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.
Specifies that packets ingressing the port should be mirrored. Ingress packets are mirrored to the mirror destination before ingress packet modification.
no sap sap-id {[ingress]}
no sap sap-id {[ingress]}
debug>mirror-source
Supported on all 7210 SAS platforms as described in this document
This command enables mirroring of traffic ingressing or egressing a service access port (SAP). A SAP that is defined within a mirror destination cannot be used in a mirror source. The mirror source SAP referenced by the sap-id is owned by the service ID of the service in which it was created. The SAP is only referenced in the mirror source name for mirroring purposes. The mirror source association does not need to be removed before deleting the SAP from its service ID. If the SAP is deleted from its service ID, the mirror association is removed from the mirror source.
More than one SAP can be associated within a single mirror-source. Each SAP has its own ingress parameter keywords to define which packets are mirrored to the mirror destination.
The SAP must be valid and correctly configured. If the associated SAP does not exist, an error occurs and the command does not execute.
The same SAP cannot be associated with multiple mirror source definitions for ingress packets.
If a particular SAP is not associated with a mirror source name, that SAP does not have mirroring enabled for that mirror source.
The no form of this command disables mirroring for the specified SAP. All mirroring for that SAP on ingress and egress is terminated. Mirroring of packets on the SAP can continue if more specific mirror criteria is configured. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition is removed.
Specifies the physical port identifier portion of the SAP definition. See Common CLI command descriptions for command syntax.
Specifies that packets ingressing the SAP should be mirrored. Ingress packets are mirrored to the mirror destination before ingress packet modification.