Q:
How to utilize the 'mirror' option in user-roles?
User roles in ArubaOS have the field 'mirror', which can be used to mirror traffic for monitoring and troubleshooting.
The outputs below are taken from an Aruba 7010 controller running 6.4.3.9. This setup shows how to mirror client/AP traffic to a laptop running sniffing software.
(Aruba) #show version
Aruba Operating System Software.
ArubaOS (MODEL: Aruba7010), Version 6.4.3.9

(Aruba) #show ap database

AP Database
-----------
Name               Group    AP Type  IP Address    Status             Flags  Switch IP     Standby IP
----               -----    -------  ----------    ------             -----  ---------     ----------
04:bd:88:c2:38:b0  default  205      10.17.169.94  Up 23d:8h:44m:18s         10.17.169.68  0.0.0.0

Create an access-list as below:

(Aruba) #show ip access-list monitor

ip access-list session monitor
monitor
-------
Priority  Source        Destination   Service  Application  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6  Contract
--------  ------        -----------   -------  -----------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------  --------
1         10.17.169.94  any           any                   permit                            Low                            Yes                            4
2         any           10.17.169.94  any                   permit                            Low                            Yes                            4
3         any           any           any                   permit                            Low                                                           4

Configure the IP address of the laptop running the sniffer, to which the capture is to be sent:

(Aruba) #packet-capture destination ip-address 10.20.102.210
(Aruba) #show packet-capture

Active Capture Destination
--------------------------
Destination IP  10.20.102.210

Add the access-list to the controller interface as shown below:

(Aruba) #show port stat

Port Status
-----------
Slot-Port  PortType  AdminState  OperState  PoE  Trusted  SpanningTree  PortMode  Speed   Duplex
---------  --------  ----------  ---------  ---  -------  ------------  --------  -----   ------
0/0/15     GE        Enabled     Up         N/A  Yes      Disabled      Access    1 Gbps  Full

(ctrl-B) (config) #interface gigabitethernet 0/0/15
(ctrl-B) (config-if)#ip access-group monitor session
(ctrl-B) (config-if)#exit

Once the configuration is done, make sure any existing session for that IP is deleted:

(Aruba) #session delete 10.17.169.94    ==> run this multiple times.

To confirm whether the mirroring works, check for the 'M' flag in the 'datapath session table' for the IP address.
(Aruba) #show datapath session table 10.17.169.94

Datapath Session Table Entries
------------------------------
Flags: M - mirror
Source IP        Destination IP   Prot  SPort  DPort  Cntr  Prio  ToS  Age  Destination  TAge  Packets  Bytes  Flags
---------------  ---------------  ----  -----  -----  ----  ----  ---  ---  -----------  ----  -------  -----  -----
10.17.169.94     10.17.169.70     17    8211   8419   1/0   0     0    1    0/0/15       7     0        0      FYMCI
10.17.169.94     10.17.169.70     17    8211   8222   1/0   0     0    1    0/0/15       8     0        0      FYMCI
10.17.169.70     10.17.169.94     17    8211   8211   0/0   0     0    0    0/0/15       8     0        0      FYMI
10.17.169.70     10.17.169.94     17    8222   8211   0/0   0     0    0    0/0/15       8     0        0      FYMI
10.17.169.70     10.17.169.94     47    0      0      0/0   0     0    0    0/0/15       46    68       5984   FM
10.17.169.94     10.17.169.70     47    0      0      0/0   0     40   0    0/0/15       46    73       6424   FMC
10.17.169.70     10.17.169.94     17    8419   8211   0/0   0     0    0    0/0/15       7     0        0      FYMI
10.17.169.94     10.17.169.70     17    8211   8211   1/0   0     0    0    0/0/15       8     17       16293  FMCI

(Aruba) #show acl hits

Port Based Session ACL
----------------------
Policy   Src           Dst  Service/Application  Action  Dest/Opcode  New Hits  Total Hits  Index  Ipv4/Ipv6
------   ---           ---  -------------------  ------  -----------  --------  ----------  -----  ---------
monitor  10.17.169.94  any  any                  permit               1242      1242        639    ipv4
monitor  any           any  any                  permit               4154      4154        641    ipv4
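As an added check (not part of the original article or of ArubaOS), the following Python script parses a 'show datapath session table' dump in the format shown above and lists the sessions for a client IP that lack the M flag, i.e. traffic the sniffer will not receive. The sample dump is constructed from the page's output format, with the last row deliberately altered to lack the M flag.

```python
"""Check an ArubaOS 'show datapath session table <ip>' dump for the mirror (M) flag."""
import re
from dataclasses import dataclass

# Constructed sample in the page's output format (not a live capture); the last
# row is deliberately missing the M flag to show what an unmirrored session looks like.
SAMPLE = """\
Datapath Session Table Entries
------------------------------
Flags: M - mirror
Source IP       Destination IP  Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
--------------- --------------- ---- ----- ----- ---- ---- --- --- ----------- ---- ------- ----- -----
10.17.169.94    10.17.169.70    17   8211  8419  1/0  0    0   1   0/0/15      7    0       0     FYMCI
10.17.169.70    10.17.169.94    47   0     0     0/0  0    0   0   0/0/15      46   68      5984  FM
10.17.169.94    10.17.169.70    17   8211  8211  1/0  0    0   0   0/0/15      8    17      16293 FC
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

@dataclass
class Session:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    flags: str

    @property
    def mirrored(self) -> bool:
        return "M" in self.flags

def parse_session_table(text: str) -> list[Session]:
    """Keep only data rows: 14 whitespace-separated columns starting with two IPv4 addresses."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 14 or not (IPV4.match(cols[0]) and IPV4.match(cols[1])):
            continue  # title, legend, header or separator line
        rows.append(Session(cols[0], cols[1], int(cols[2]), int(cols[3]), int(cols[4]), cols[13]))
    return rows

def unmirrored_sessions(text: str, ip: str) -> list[Session]:
    """Sessions to or from `ip` without the M flag: traffic the sniffer will NOT receive."""
    return [s for s in parse_session_table(text) if ip in (s.src, s.dst) and not s.mirrored]

if __name__ == "__main__":
    for s in unmirrored_sessions(SAMPLE, "10.17.169.94"):
        print(f"NOT mirrored: {s.src}->{s.dst} proto {s.proto} {s.sport}->{s.dport} flags {s.flags}")
```

Paste the real controller output into SAMPLE (or read it from a file) to check that every session for the client carries the M flag after the 'session delete' step.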
© Copyright 2024 Hewlett Packard Enterprise Development LP. All Rights Reserved.