Traffic Mirroring Commands


Note

All commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 540 Series Router that is introduced from Cisco IOS XR Release 6.3.2. References to earlier releases in Command History tables apply to only the Cisco NCS 5500 Series Router.


Note

  • Starting with Cisco IOS XR Release 6.6.25, all commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 560 Series Routers.

  • Starting with Cisco IOS XR Release 6.3.2, all commands applicable for the Cisco NCS 5500 Series Router are also supported on the Cisco NCS 540 Series Router.

  • References to releases before Cisco IOS XR Release 6.3.2 apply to only the Cisco NCS 5500 Series Router.

  • Cisco IOS XR Software Release 7.0.1 specific updates are not applicable for the following variants of Cisco NCS 540 Series Routers:

    • N540-28Z4C-SYS-A

    • N540-28Z4C-SYS-D

    • N540X-16Z4G8Q2C-A

    • N540X-16Z4G8Q2C-D

    • N540X-16Z8Q2C-D

    • N540-12Z20G-SYS-A

    • N540-12Z20G-SYS-D

    • N540X-12Z16G-SYS-A

    • N540X-12Z16G-SYS-D

This module provides command line interface (CLI) commands for traffic mirroring commands.

For detailed information about traffic mirroring concepts, configuration tasks, and examples, refer to the Interface and Hardware Component Configuration Guide for Cisco NCS 5500 Series RoutersInterface and Hardware Component Configuration Guide for Cisco NCS 540 Series RoutersInterface and Hardware Component Configuration Guide for Cisco NCS 560 Series Routers.

acl

To configure ACL-based traffic mirroring, use the acl command in the monitor session configuration mode. To stop ACL-based traffic mirroring, use the no form of this command.

acl

Command Default

No default behavior or values

Command Modes

Monitor session configuration

Command History

Release

Modification

Release 6.1.3

This command was introduced.

Usage Guidelines

If you use the acl command, traffic is mirrored according to the definition of the global interface access list (ACL) defined in one of the following commands: ipv4 access-list , ipv6 access-list .

Even when the acl command is configured on the source mirroring port, if the ACL configuration command does not use the capture keyword, no traffic gets mirrored.

If the ACL configuration uses the capture keyword, but the acl command is not configured on the source port, although traffic is mirrored, no access list configuration is applied.

Examples

This example shows how to configure ACL-based traffic mirroring on the interface: 


Router(config)# monitor-session tm_example 
Router(config-es-acl)# 10 deny 0000.1234.5678 0000.abcd.abcd any capture 
Router(config-es-acl)# exit 
Router(config)# interface GigabitEthernet0/2/0/0 
Router(config-if)# monitor-session tm_example direction rx-only 
Router(config-if)# acl 
Router(config-if)# l2transport 
Router(config-if-l2)# exit 
Router(config-if)# end

acl mpls

To mirror the MPLS traffic based on the global interface access list (ACL) defined in the mpls access-list configuration, use the acl mpls command in monitor session configuration mode.

acl mpls acl_name

Syntax Description

acl_name

Specifies the ACL name specified in the mpls access-list definition.

Command Default

None

Command Modes

Monitor session configuration mode

Command History

Release Modification
Release 24.4.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

ethernet-services

read, write

Examples

This example provides the monitor session to be used on the configured interface. Use the direction keyword to specify that only ingress MPLS traffic is mirrored. 

Router(config)# interface tenGigE 0/0/0/14
Router(config-if)#monitor-session S1 ethernet direction rx-only port-level
Router(config-if-mon)#acl mpls mp

clear monitor-session counters

To clear the traffic mirroring session statistics, use the clear monitor-session counters command in EXEC mode.

clear monitor-session counters [session-name] [interface type interface-path-id]

Syntax Description

interface

Identifies the interface for which the counters are to be cleared.

type

Interface type. For more information, use the question mark (? ) online help function.

interface-path-id

Physical interface or virtual interface.

Note

 

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark (? ) online help function.

session-name

Name of the monitor session to clear.

Command Default

All stored statistics for all interfaces are cleared.

Command Modes

EXEC

Command History

Release

Modification

Release 6.1.1 This command was introduced.

Task ID

Task ID

Operations

interface

read

Examples

This example shows how to clear the traffic mirroring statistic counters: 

clear monitor-session mon1 counters

destination

To associate a specifc destination with a traffic mirroring session, use the destination command in monitor session configuration mode. To remove the designated destination, use the no form of this command.

destination [ rx | tx ] { interface | pseudowire | file | sflow | application }

interface type { erspan-session-id id [ { kbps | pps } ] }

file [ size kbytes [ buffer-type linear ][ format pcapng ][ filter expression ]][ always-on [ periodic-write interval [ capacity capacity { KB | MB | GB } ]]]

sflow exporter-map-name

Syntax Description

destination [ rx | tx ] { interface | pseudowire | file | sflow | application }

Destination where mirrored traffic is sent.

rx

Allows you to specify the destination for the incoming traffic (Rx).

tx

Allows you to specify the destination for the outgoing traffic (Tx).

interface type { erspan-session-id id }

  • interface type:

    Physical interface or virtual interface.

    Note

     

    Use the show interfaces command to see a list of all interfaces currently configured on the router.

    For more information about the syntax for the router, use the question mark (? ) online help function.

  • erspan-session-id id:

    Unique ERSPAN ID that is assigned to the destination session.

file [ size kbytes [ buffer-type linear ][ format pcapng ][ filter expression ]][ always-on [ periodic-write interval [ capacity capacity { KB | MB | GB } ]]]

  • size kbytes: Maximum size of the file in kilobytes. If not specified, the default size is applied.

  • buffer-type linear: Buffer that operates in a linear mode. This configuration replaces the default circular mode.

  • format pcapng: Output file format for the captured packets as PCAP Next Generation (pcapng). If the format is not specified, the default format is pcap.

  • filter expression: Applies pcap filter expression to the traffic being captured.

  • always-on : Enables continuous packet capture at the specified interval when used with the periodic-write option.

  • periodic-write interval: Specifies that the captured data should be written to the disk periodically at a defined interval, when always-on is configured.

  • capacity capacity: Total storage capacity (KB/MB/GB) allocated for the continuous capture.

sflow exporter-map-name

Sends the mirrored traffic using the sFlow exporter map.

Command Default

  • In the monitor session configuration with file as destination:

    • If size is not specified, the default size is applied.

    • If buffer-type linear is not configured, the default circular mode is applied.

    • If the format pcapng is not specified, the default format is pcap.

Command Modes

Monitor sessions configuration

Command History

Release

Modification

Release 6.1.1

This command was introduced.
Release 6.1.3

The ability to specify a GRE tunnel interface as a destination was added.

Release 25.3.1

A new keyword, application, was added to the destination keyword.

Usage Guidelines

Use the destination interface command to assign a traffic monitoring session to a specific destination interface. This is the port to which a network analyzer is connected. This is generally called the monitoring port.

A destination port has these characteristics:

  • A destination port must reside on the same switch as the source port.

  • A destination port can be any Ethernet physical port, nV Satellite ICL port, EFP, a GRE tunnel interface or a bundle interface. The ICL must not be a bundle interface.

  • At any one time a destination port can participate in only one traffic mirroring session. A destination port in one traffic mirroring session cannot be a destination port for a second traffic mirroring session. In other words, no two monitor sessions can have the same destination port.

  • A destination port cannot also be a source port.

Examples

This example shows how to configure a monitoring port for a traffic mirroring session. 


Router(config)# monitor-session mon1 
Router (config-mon)# destination interface gigabitethernet0/0/0/15

This example shows how to configure a monitor session to send mirrored traffic over a pseudowire. destination.

Router(config)# monitor-session mon1 
Router (config-mon)# destination pseudowire

This is an example L2VPN running configuration with pseudowire as destination.

monitor-session mon1 ethernet
 destination rx pseudowire
 destination tx pseudowire
!
interface Loopback0
 ipv4 address 11.11.11.11 255.255.255.255
!
interface TenGigE0/0/0/0
 ipv4 address 10.0.12.1 255.255.255.0
!
router ospf 1
 area 1
  interface Loopback0
  !
  interface TenGigE0/0/0/0
  !
 !
!
l2vpn
 xconnect group XC
  p2p rx
   monitor-session mon1 rx
   neighbor ipv4 12.12.12.12 pw-id 100
   !
  !
  p2p tx
   monitor-session mon1 tx
   neighbor ipv4 12.12.12.12 pw-id 101
   !
  !
 !
!
mpls ldp
 router-id 11.11.11.11
 interface TenGigE0/0/0/0
 !
!
This example shows how to write the mirrored traffic directly into a file in an internal storage.
Router(config)# monitor-session mon1 
Router (config-mon)# destination file
This example shows how to use an sFlow protocol as destination.
Router(config)# monitor-session mon1 
Router (config-mon)# destination sflow EXP-MAP-DROP

This example shows how to configure a monitor session with application as the destination. 

Router# configure
Router(config)# monitor-session mon1 
Router (config-mon)# destination application

drops

To mirror Traffic Management (TM) buffer drop packets or forward-drop packets at the ingress of a router to a configured destination, use the drops command in XR Config mode.

drops [ rx | tx ] { traffic-management | packet-processing | unique-punt | unique-port | filter expression }

Syntax Description

rx

Mirror packet drops in the Rx direction only.

tx

Mirror packet drops in the Tx direction only.

traffic-management

Mirror TM buffer drop packets in the specified direction (Rx or Tx).

packet-processing

Mirror forward-drop packets in the specified direction (Rx or Tx).

unique-punt

Monitor packets that are punted to the CPU for processing.

unique-port

Specify packet drops associated with specific port conditions.

filter expression

Apply pcap filter expression to the traffic being captured.

Command Default

All packet drops are mirrored.

Command Modes

XR Config mode

Command History

Release Modification
Release 24.2.1

This command was introduced.

Usage Guidelines

The command is not available on management interface.

This configuration allows the user to easily configure mirroring all drops on the router. The user can additionally specify that only packet-processing and traffic-management drops should be mirrored, either in the rx or tx directions. The unique-punt and unique-port options indicate only the first dropped packet for a given drop-reason or interface are mirrored respectively.

Task ID

Task ID Operation
ethernet-services

read, write

Examples

This example shows how to configure a global traffic mirroring session for forward-drop packets.

Router(config)# interface tunnel-ip2
Router(config-if)# tunnel mode gre ipv4
Router(config-if)# tunnel source 10.10.10.10
Router(config-if)# tunnel destination 192.0.2.1 
Router(config-if)# exit
Router(config)# monitor-session mon2 ethernet 
Router(config-mon)# destination interface tunnel-ip2 
Router(config-mon)# drops packet-processing rx
Router(config-mon)# commit

forward-drop rx

To mirror forward-drop packets at the ingress of a router to a configured destination, use the forward-drop rx command in XR Config mode.

forward-drop rx

Syntax Description

This command has no keywords or arguments.

Command Default

Mirroring forward-drop packets is disabled.

Command Modes

XR Config mode

Command History

Release Modification
Release 7.5.4

This command was introduced.

Release 24.2.1

This command was deprecated. Use the drops command to achieve the same functionality.

Usage Guidelines

The forward-drop rx command is not available on management interface.

Task ID

Task ID Operation
ethernet-services

read, write

Examples

This example shows how to configure a global traffic mirroring session for forward-drop packets.

Router(config)# interface tunnel-ip 2
Router(config-if)# tunnel mode gre ipv4
Router(config-if)# tunnel source 20.20.20.20
Router(config-if)# tunnel destination 192.1.1.3 
Router(config-if)!
Router(config)# monitor-session mon2 ethernet 
Router(config-mon)#destination interface tunnel-ip2 
Router(config-mon)#forward-drop rx
Router(config-mon)#!

hw-module profile span-filter l2-rx-enable

To enable SPAN filtering on Layer 2 incoming (rx) traffic, use the hw-module profile span-filter l2-rx-enable command in monitor session configuration mode. To remove the filtering, use the no form of this command.

hw-module profile span-filter l2-rx-enable

Syntax Description

span-filter

Specifies SPAN filtering.

l2-rx-enable

Enables intra-bridge layer 2 incoming (rx) traffic for filtering.

Command Default

No default behavior or values

Command Modes

Monitor session configuration

Command History

Release

Modification

Release 7.7.1

This command was introduced.

Usage Guidelines

To activate the filtering, you must reload the chassis or all the line cards.

Examples

This example shows how to enable SPAN filtering for incoming Layer 2 interface traffic: 


Router(config)# hw-module profile npu native-mode-enable
hw-module profile span-filter l2-rx-enable


interface Bundle-Ether1
 monitor-session mon1 ethernet direction rx-only port-level
!
interface Bundle-Ether1.1 l2transport
 encapsulation dot1q 1
 rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether1.2 l2transport
 encapsulation dot1q 2
 rewrite ingress tag pop 1 symmetric
!
l2vpn
 bridge group bg1
  bridge-domain bg1
   interface Bundle-Ether1.1
   !
   interface Bundle-Ether1.2
   !
   interface HundredGigE0/0/0/17
   !
   routed interface BVI100
   !
  !
 !

hw-module profile span-filter l2-l3-tx-enable

To enable SPAN filtering on Layer 2 outgoing (Tx) traffic, use the hw-module profile span-filter l2-l3-tx-enable command in monitor session configuration mode. To remove the filtering, use the no form of this command.

hw-module profile span-filter l2-l3-tx-enable

Syntax Description

span-filter

Specifies SPAN filtering.

l2-l3-tx-enable

Enables intra-bridge layer 2 outgoing (Tx) traffic for filtering.

Command Default

No default behavior or values

Command Modes

Monitor session configuration

Command History

Release

Modification

Release 7.8.1

This command was introduced.

Usage Guidelines

To activate the filtering, you must reload the chassis or all the line cards.

Examples

This example shows how to enable SPAN filtering for outgoing Layer 2 interface traffic: 


Router(config)# hw-module profile npu native-mode-enable
hw-module profile span-filter l2-l3-tx-enable


interface Bundle-Ether1
 monitor-session mon1 ethernet direction tx-only port-level
!
interface Bundle-Ether1.1 l2transport
 encapsulation dot1q 1
 rewrite ingress tag pop 1 symmetric
!
interface Bundle-Ether1.2 l2transport
 encapsulation dot1q 2
 rewrite ingress tag pop 1 symmetric
!
l2vpn
 bridge group bg1
  bridge-domain bg1
   interface Bundle-Ether1.1
   !
   interface Bundle-Ether1.2
   !
   interface HundredGigE0/0/0/17
   !
   routed interface BVI100
   !
  !
 !

hw-module profile tcam format

To add UDF field definitions to the ACL key definition that is sent to the hardware, use the hw-module profile tcam format command in monitor session configuration mode. To remove the UDF field definitions, use the no form of this command.

hw-module profile tcam format access-list {ipv4 | ipv6} [ acl-qualifiers] [ udf1 udf-name1 ... udf8 udf-name8]

no hw-module profile tcam format access-list {ipv4 | ipv6} [ acl-qualifiers] [ udf1 udf-name1 ... udf8 udf-name8]

Syntax Description

access-list

Specifies the access-list format.

ipv4

Specifies the IPv4 access list.

ipv6

Specifies the IPv6 access list.

acl-qualifiers

Specifies the ACL qualifiers.

udf1 udf-name1 ... udf8 udf-name8

Specifies the UDF-defined filter.

Note

 

The range is from 1 to 8.

Command Default

No default behavior or values

Command Modes

Monitor session configuration

Command History

Release

Modification

Release 6.1.3

This command was introduced.

Usage Guidelines

To activate the new IPv4 profile, you must manually reload the chassis or all the line cards.

Examples

This example shows how to add UDF to the ACL key definitions: 


Router(config)# hw-module profile tcam format access-list ipv4 src-addr dst-addr packet-length 
precedence proto udf1 udf-test

mirror first

To configure partial traffic mirroring, use the mirror first command in monitor session configuration mode and global configuration mode. To stop mirroring a portion of the packet, use the no form of this command.

mirror { first bytes }

Syntax Description

bytes

Number of bytes mirrored. The mirrored packet length value can range from 65 to 128.

Note

 

In global configuration mode, the mirrored packet length ranges from 1 to 10000.

Command Default

The entire packet is mirrored.

Command Modes

Monitor session configuration
Global configuration

Command History

Release

Modification

Release 6.1.1

This command was introduced.

Release 7.5.2

The mirror first option is introduced in the global configuration mode.

Usage Guidelines

To mirror the first 64 to 128 bytes of the packet, use the mirror first command. The actual mirrored packet is the configured partial packet monitoring size plus the 4-byte trailing CRC.

Examples

This example shows how to mirror the first 100 bytes of a packet: 


Router(config)# interface gigabitethernet0/0/0/11 
Router(config-if)# monitor-session mon1 
Router(config-if-mon)# mirror first 100

mirror enable

To copy files or directories automatically from /harddisk:/mirror location in active RP to /harddisk:/mirror location in standby RP or RSP without user intervention or EEM scripts, use mirror enable command. The mirror enable checksum command enables MD5 checksum across active to standby RP to check integrity of the files. This command is optional. A slight delay is observed in show mirror command output when mirror checksum configuration is enabled.

mirror enable

Command Default

The /harddisk:/mirror directory is created by default, but file mirroring functionality is only enabled by executing the mirror enable command from configuration terminal.

Command Modes

Monitor configuration

Command History

Release Modification

Release 7.2.1

This command was introduced.

Examples

File mirroring has to be enabled explicitly on the router. It is not enabled by default.

RP/0/RSP0/CPU0:router#show run mirror
Thu Jun 25 10:12:17.303 UTC
mirror enable
mirror checksum

monitor-session

To define a traffic mirroring session and enter monitor session configuration mode, use the monitor-session command in global configuration mode. To remove the traffic mirroring session, use the no form of this command.

monitor-session { router-id router-id | local-capture-capacity capacity

monitor-session session-name [ ethernet | ipv4 | ipv6 | mpls-ipv4 | mpls-ipv6 ] [ destination [ rx | tx ] { interface | pseudowire | file | sflow | application } ] [ discard class { 0-7 } ] [ traffic class { 0-7 } ] [ drops [ rx | tx ] { traffic-management | packet-processing | unique-punt | unique-port | filter expression } ] [ protocol-capture [ rx | tx ] [ filter expression ]] [ mirror first bytes ] [ inject-interface { bvi | bundle-ether | EightHundredGigE | FastEthernet | FiftyGigE | FortyGigE | FourHundredGigE | GigabitEthernet | HundredGigE | TenGigE | TwentyFiveGigE | TwoHundredGigE } ] [ mirror interval ]

Syntax Description

session-name

Name of the monitor session to configure.

router-id

Allows you to configure router id with a value that can range from 1 to 255.

local-capture-capacity

Specifies the maximum amount of memory on disk used to maintain periodic capture files for all sessions.

monitor-session session-name [ ethernet | ipv4 | ipv6 | mpls-ipv4 | mpls-ipv6 ]

Specifies the monitor session type. Ethernet is the default type if none of these session types are specified:

  • ipv4

  • ipv6

  • mpls-ipv4

  • mpls-ipv6

rx

Allows you to configure the monitor session for the incoming traffic (Rx) only.

tx

Allows you to configure the monitor session for the outgoing traffic (Tx) only.
destination

Allows you to configure the destination for the current monitor-session for incoming traffic (Rx) or outgoing traffic (Tx).
destination interface

Sends mirrored traffic to the specified interface.
destination pseudowire

Sends mirrored traffic over a pseudowire.

destination file

Stores mirrored traffic directly into a file.

destination sflow

Configures the monitoring session to send the network traffic data using the sFlow protocol.

destination application

Sends mirrored traffic to a third-party application.

discard-class

Allows you to specify the discard class value to be set on all traffic that is mirrored to the destination.
traffic-class

Allows you to specify the traffic class value to be set on all traffic that is mirrored to the destination.

protocol-capture

Configures the session to capture packets related to specific control-plane protocols.

mirror first

Specifies that only the first x bytes of a packet to be mirrored to the destination.

mirror interval

Specifies that sampling of traffic is performed on all sessions. Only the sampled packets are mirrored. Valid sampling intervals are generated one in every 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k or 16k packets.

Note

 

Valid sampling intervals vary for different platforms.

Command Default

Ethernet is the default monitor session type.

Command Modes

Global configuration mode

Command History

Release

Modification

Release 6.1.1

This command was introduced.

Release 7.4.1

destination rx and destination tx keywords were added.

Release 25.3.1

A new keyword, application , was added to the destination keyword to specify a third-party application as the destination.

Usage Guidelines

Before you can assign a monitor session to a specific interface, you must configure it using the monitor-session command. The session-name should not be the same as any interface name.

In monitor session configuration mode, you should define the destination to be used in the traffic mirroring session using the destination command. The session will be non-operable until a destination is configured for the session.

Ethernet is the default monitor session type.

Inject interfaces are only supported for Ethernet monitor sessions with pseudowire destinations, and should be configured to be one of the session's source interfaces.

Examples

This example shows how to enter monitor session configuration mode: 


Router(config)# monitor-session mon1
Router(config-mon)#

monitor-session (interface)

To associate a traffic mirroring session with a specific interface, use the monitor-session command in interface configuration mode or dynamic-template configuration mode. To remove the association between a traffic mirroring session and an interface, use the no form of this command.

monitor-session session-name

acl port-level destination [ rx | tx ] { interface | pseudowire | nexthop | file | udp | sflow | application } [ destination { rx | tx } ] [ discard class { 0-7 } ] [ traffic class { 0-7 } ] [ mirror { first | bytes } ] [ inject-interface { bvi | bundle-ether | EightHundredGigE | FastEthernet | FiftyGigE | FortyGigE | FourHundredGigE | GigabitEthernet | HundredGigE | TenGigE | TwentyFiveGigE | TwoHundredGigE } ] [ direction { rx-only | tx-only | bytes } ] [ mirror-interval ]

[ { rx | interface | | tx | interface } ]

Syntax Description

session-name

Name of the monitor session to configure.

acl

Allows you to enable acl-based mirroring.

direction

Allows you to specify the direction of traffic to replicate.

ethernet

Allows you to replicate Ethernet traffic.

port-level

Specifies port-level mirroring.

mirror {first}

Specifies that only the first x bytes of a packet to be mirrored to the destination.

rx-only

Specifies that only ingress traffic is replicated.

tx-only

Specifies that only egress traffic is replicated.

rxinterface

Specifies the ingress traffic and its destination.

txinterface

Specifies the egress traffic and its destination.

mirror-interval

Specifies that sampling of traffic is performed on all sessions. Only the sampled packets are mirrored. Valid sampling intervals are generated one in every 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k or 16k packets.

Command Default

Replicates both ingress and egress traffic.

Command Modes

Interface configuration

Command History

Release

Modification

Release 6.1.1

This command was introduced.
Release 7.4.1

The rxinterface and txinterface keywords were added.

Usage Guidelines

Before you can associate a traffic mirroring session to a specific interface, you must define it using the monitor-session global configuration command. After the traffic mirroring session is defined, use the monitor-session interface configuration command to associate this session with a specific source interface. When the session is associated, all specified traffic on the interface is then replicated to the destination location defined in the monitor session configuration.

The monitor-session interface configuration command also enters monitor session configuration mode for you to configure additional features of the mirroring session.

Task ID

Task ID

Operations

interface

read, write

config-services

read, write

Examples

This example shows a sample configuration of the monitor-session command in the interface configuration mode: 


Router# configure 
Router(config)# interface gigabitethernet0/0/0/11
Router(config-if)# monitor-session mon1 port-level direction rx-only
Router(config-if-mon)mirror first 101#

Examples

This example shows a sample to configure separate interface destination for incoming (rx) and outgoing (tx) traffic:
Router# configure
Router(config)# monitor-session mon1 ethernet
Router(config-mon)# monitor-session foo ethernet destination rx interface tenGigE 0/0/0/0
Router(config-mon)# monitor-session foo ethernet destination tx interface tenGigE 0/0/0/1
Router(config-if)# end
Router(config)#

monitor session ERSPAN ACL

This command defines a monitor session, and enters monitor session configuration mode.

monitor-session ERSPAN ethernet direction {rx-only | port-level | acl}

Syntax Description

ERSPAN

Name of the session.

ethernet

Replicates Ethernet traffic.

direction

Use the direction keyword to specify that only ingress or egress traffic is mirrored.

monitor-session session-name [direction { rx-only | tx-only ]

rx-only

Specifies that only ingress traffic is mirrored.

port-level

Use this port level command to mirror all traffic types.

acl

The ACL that is attached in the ingress interface.

  • Even when the acl command is configured on the source mirroring port, if the ACL configuration command does not use the capturekeyword, no traffic gets mirrored.

  • If the ACL configuration uses the capture keyword, but the acl command is not configured on the source port, although traffic is mirrored, no access list configuration is applied.

  • All ingress traffic is mirrored.

Command Default

No default behavior or values

Command Modes

Route-policy configuration

Command History

Release

Modification

Release 6.6.1

This command was introduced.

Task ID

Task ID

Operations

route-policy

read, write

Examples

RP/0/RP0/CPU0: pyke-008#sh run monitor-session ERSPAN
monitor-session ERSPAN ethernet
destination interface tunnel-ip1
!
 
RP/0/RP0/CPU0:pyke-008#sh run int tunnel-ip 1
interface tunnel-ip1
ipv4 address 4.4.4.1 255.255.255.0
tunnel mode gre ipv4
tunnel source 20.1.1.1
tunnel destination 20.1.1.2
!

show monitor-session status

To display status information about configured traffic mirroring sessions, use the show monitor-session status command in XR EXEC mode.

show monitor-session [session-name] status [detail] [errors]

Syntax Description

session-name

Name of the monitor session to configure.

detail

Displays the full error string for any errors.

errors

Displays all sessions, but only source interfaces with errors are displayed (if no source interfaces have errors, then 'No errors' is displayed).

Command Default

No default behavior or values

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 6.1.1

This command was introduced.

Usage Guidelines

The show monitor-sessions status command displays the following information:

  • Destination information for the session (including the name of the interface).
  • Destination status (interface state).
  • List of source interfaces.
  • Any other status information that may be pertinent, such as a software or hardware error that would stop sessions operating correctly. If an error is returned from interactions with another component, then the full error string is only displayed in detail output; standard tabular output reports that there has been an error but refers the user to the detailed output.

Examples

This example shows sample output from the show monitor-session status command: 


Router# show monitor-session status  

Monitor-session foo
Destination interface GigabitEthernet 0/0/0/0
================================================================================
Source Interface      Dir   Status
--------------------- ----  ----------------------------------------------------
Gi0/1/0/0.10          Both  Operational
Gi0/1/0/0.11          Rx    Operational
Gi0/1/0/0.12          Tx    Operational

This example shows the sample output for the show monitor-session status detail command: 


Router show monitor-session status detail

Monitor-session foo
  Destination interface GigabitEthernet 0/0/0/0
  Source Interfaces
  -----------------
  GigabitEthernet 0/1/0/0.100:
    Direction: Both
    Status:    Operating
  GigabitEthernet 0/2/0/0.200:
    Direction: Rx
    Status:    Error: <blah>

Monitor session bar
  No destination configured
  Source Interfaces
  -----------------
  GigabitEthernet 0/3/0/0.100:
    Direction: Rx
    Status:    Not operational(no destination interface)

Examples

This example shows a sample output for the show monitor-session status command for mirror-first option:
Monitor-session foo mirror-first 101
Destination interface GigabitEthernet 0/0/0/0
================================================================================
Source Interface      Dir   Status
--------------------- ----  ----------------------------------------------------

udf

To configure user-defined fields (UDFs), use the udf command in monitor session configuration mode. To remove the UDF field definitions, use the no form of this command.

udf udf-name header {inner | outer} {l2 | l3 | l4} offset offset-in-bytes length length-in-bytes

no udf udf-name header {inner | outer} {l2 | l3 | l4} offset offset-in-bytes length length-in-bytes

Syntax Description

udf-name

Name of the UDF.

header

Specifies the header.

inner

Specifies the offset base from inner header.

outer

Specifies the offset base from outer header.

l2

Specifies the offset base from Layer 2 header.

l3

Specifies the offset base from Layer 3 header.

l4

Specifies the offset base from Layer 4 header.

offset offset-in-bytes

Specifies the offset from the offset base, in bytes.

Note

 

The maximum offset is 63 bytes from the start of any header.

length length-in-bytes

Specifies the length from the offset, in bytes. Range: 1 to 4 bytes.

Command Default

No default behavior or values

Command Modes

Monitor session configuration

Command History

Release

Modification

Release 6.1.3

This command was introduced.

Usage Guidelines

UDFs for Layer 2 inner header is not supported.

Examples

This example shows how to confgure UDFs: 


Router(config)# udf udf-test header outer l3 offset 4 length 4