Solved

Example use for "monitor-by-isid"?

  • 12 December 2018

I looked for this command in the command reference for VOSS 7.1 but didn't find it documented there. I'm looking for a syntax example and how this command might be used. Was looking for a way to basically put a device on an i-sid as a tap for sniffing network traffic.

Best answer by Jongseok Won 13 December 2018, 06:49

Please see below for the Fabric RSPAN configuration.

1. Port Based I-SID Mirroring

*ACLIs:
–mirror-by-port in-port monitor-isid-offset mode qos
–no mirror-by-port [enable]
–default mirror-by-port [enable], [mode], [qos]

*Description:
–session-id :- The mirroring session that can be configured with range <1-479>
–in-port :- Used to configure the 'mirrored' ports. The in-port is the source port from which packets are mirrored
–monitor-isid-offset :- Offset id value which will be mapped to actual monitor I-SID where packets will be mirrored. Monitor I-SID = base monitor I-SID + offset-id. The range of the monitor-isid-offset will be <1-1000>. Base monitor I-SID = 16776000.
–qos :- Used to define the Quality of Service (QoS) profiles for the system. Monitoring I-SID can support six different QoS levels <0-5>. Each QoS level can be individually configured. Default value is 1.
–mode :- Used to configure the 'mode' of the mirror operation.
'tx' means packets being transmitted on the 'mirrored' port will be copied.
'rx' means packets received on the 'mirrored' port will be copied.
'both' means all traffic on the 'mirrored' port will be copied.
By default the mode is rx.
–enable :- Enable the mirror-by-port entry. By default the entry is enabled on creation.

2. Flow Based I-SID Mirroring
*ACLIs :
–filter acl ace action [permit | deny] monitor-isid-offset [qos ]
–no filter acl ace action [permit | deny] monitor-isid-offset
–default filter acl ace action [permit | deny] monitor-isid-offset qos

*ACLIs with Remove-tag option (used for bridging RSPAN traffic) :
–filter acl ace action deny monitor-isid-offset [qos ] [remove-tag]
–no filter acl ace action deny monitor-isid-offset
–default filter acl ace action deny monitor-isid-offset [qos] [remove-tag]

*Description:
–Acl-id: - Access control list id <1-2048>
–Ace-id: - Access control entry id <1-2048>
–Permit: - Matching packets are permitted
–deny: - Matching packets are denied and mirrored into I-SID
–remove-tag :- Used to remove the outer tag of packets mirrored into I-SID. By default it is set to false and the VLAN tag will not be removed.

3. Monitoring ACLIs
*ACLIs :
–monitor-by-isid monitor-isid-offset { egress-ports | egress-mlt }
–monitor-by-isid monitor-isid-offset { egress-ports | egress-mlt } map-to-vid
–no monitor-by-isid [enable], [map-to-vid ]
–default monitor-by-isid [enable]

*Description:
–egress-ports:- monitoring ports to which analyzers shall be connected
–egress-mlt:- monitoring MLT to which analyzers shall be connected
–map-to-vid :- Optional parameter to map the mirrored packet to VLAN-Id for analysis.

4. Show and Clear I-SID Mirroring Configuration and Statistics
*ACLIs :
–clear isid-mirroring stats [monitor-isid-offset ]
–show mirror-by-port
–show filter acl ace action
–show filter acl ace configs
–show monitor-by-isid
–show isid-mirroring stats [monitor-isid-offset ]
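
An added example, not part of the original answer or of Extreme's documentation: a small audit script that reads mirroring lines from a saved configuration, applies the ranges and defaults listed above, and reports which port is tapped into which monitor I-SID and which local analyzer port receives it. The sample configuration is constructed; the port numbers and the leading id on the monitor-by-isid line are assumptions.

```python
BASE_MONITOR_ISID = 16776000   # base monitor I-SID stated in the answer
LIMITS = {"session": (1, 479), "offset": (1, 1000), "qos": (0, 5)}

def _after(tokens, key, default=None):
    """Value that follows keyword `key`, or `default` when the keyword is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else default

def _in_range(value, kind):
    lo, hi = LIMITS[kind]
    return value.isdigit() and lo <= int(value) <= hi

def audit_mirroring(config_text):
    """Map each mirrored port to its monitor I-SID and local analyzer port."""
    sources, egress, problems = [], {}, []
    for line in config_text.splitlines():
        t = line.split()
        if not t or t[0] not in ("mirror-by-port", "monitor-by-isid"):
            continue   # also skips "no ..." and "default ..." forms
        offset = _after(t, "monitor-isid-offset", "")
        if not _in_range(offset, "offset"):
            problems.append(f"bad monitor-isid-offset: {line.strip()}")
            continue
        if t[0] == "monitor-by-isid":
            egress[int(offset)] = _after(t, "egress-ports") or _after(t, "egress-mlt")
            continue
        mode, qos = _after(t, "mode", "rx"), _after(t, "qos", "1")  # defaults per the answer
        if (not _in_range(t[1], "session") or mode not in ("tx", "rx", "both")
                or not _in_range(qos, "qos")):
            problems.append(f"bad mirror-by-port entry: {line.strip()}")
            continue
        sources.append((_after(t, "in-port"), mode, int(offset)))
    # analyzer is None when no monitor-by-isid for that offset exists in this
    # config: the analyzer is on another fabric node, or was never configured.
    taps = [{"in_port": p, "mode": m, "monitor_isid": BASE_MONITOR_ISID + o,
             "analyzer": egress.get(o)} for p, m, o in sources]
    return taps, problems

# Constructed sample; port numbers and the id after monitor-by-isid are assumed.
SAMPLE = """\
mirror-by-port 1 in-port 1/5 monitor-isid-offset 10 mode both qos 1
mirror-by-port 2 in-port 1/6 monitor-isid-offset 20
mirror-by-port 3 in-port 1/7 monitor-isid-offset 1001 mode rx
monitor-by-isid 1 monitor-isid-offset 10 egress-ports 1/20
"""

if __name__ == "__main__":
    taps, problems = audit_mirroring(SAMPLE)
    for entry in taps + problems:
        print(entry)
```

Running it against each node's saved configuration gives a reviewer one list of every active tap to compare with the approved monitoring sessions.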

Awesome, thank you. A lot of info there!
