AOS-CX Switch Simulator

Hi Teams
is that possible to configure Traffic/Port Mirroring with filter possibility? for example Mirroring only for DNS and other protocols/traffics ignore. Thank you

------------------------------
Filmon Eyob
------------------------------

Hi Filmon,

According latest Release Notes https://www.arubanetworks.com/techdocs/AOS-CX/10.09/RN/rn_ova_10-09-0002.pdf Mirroring feature and Classifier Policy feature are configurable, but are non-functional (page 5). Otherwise if you are interested in such feature per se or would like to try it on a real gear, here is an example how to do it - https://www.arubanetworks.com/techdocs/AOS-CX/10.09/PDF/monitoring_8400.pdf , page 60, "Classifier policies and mirroring sessions".

------------------------------
Ivan Bondar
------------------------------

Original Message:
Sent: Jan 10, 2022 09:14 AM
From: Filmon Eyob
Subject: DNS traffic mirroring

Hi Teams
is that possible to configure Traffic/Port Mirroring with filter possibility? for example Mirroring only for DNS and other protocols/traffics ignore. Thank you

------------------------------
Filmon Eyob
------------------------------

Hello Ivan
thank you very much for your answer.
I did some tests but that could not help me to solve my problem. In Wirshark it mirrors everything . it is not filtered only for DNS as configured in Classifier.
Here is my configuration:
6300# config
6300(config)# mirror session 1

6300(config-mirror-1)# destination cpu
6300(config-mirror-1)# enable

class ip DNS
match udp any any eq 53
ignor any any any

policy DNS_Mirroring
class ip DNS action mirror 1

------------------------------
Filmon Eyob
------------------------------

Original Message:
Sent: Jan 10, 2022 01:30 PM
From: Ivan ivan.bondar@hpe.com
Subject: DNS traffic mirroring

Hi Filmon,

According latest Release Notes https://www.arubanetworks.com/techdocs/AOS-CX/10.09/RN/rn_ova_10-09-0002.pdf Mirroring feature and Classifier Policy feature are configurable, but are non-functional (page 5). Otherwise if you are interested in such feature per se or would like to try it on a real gear, here is an example how to do it - https://www.arubanetworks.com/techdocs/AOS-CX/10.09/PDF/monitoring_8400.pdf , page 60, "Classifier policies and mirroring sessions".

------------------------------
Ivan Bondar

Original Message:
Sent: Jan 10, 2022 09:14 AM
From: Filmon Eyob
Subject: DNS traffic mirroring

Hi Teams
is that possible to configure Traffic/Port Mirroring with filter possibility? for example Mirroring only for DNS and other protocols/traffics ignore. Thank you

------------------------------
Filmon Eyob
------------------------------

Have you tried to use as the destination a physical port on the switch, not CPU? The reason I am asking is that CPU can be hit with all kinds of traffic that needs its attention coming on all ports, like link-local packets like LLDP, routing protocols packets like OSPF Hello etc etc. It's been a while since I used this type of mirroring on AOS-CX and I don't remember if it has this specific, but it can be the case. Therefore in order to be sure you see only the traffic that is mirrored try to use physical interface as destination of the mirroring session. Also, I'd get rid of 'ignore any any any' in the policy and keep only the 'match' clause.

------------------------------
Ivan Bondar
------------------------------

Original Message:
Sent: Jan 11, 2022 02:05 AM
From: Filmon Eyob
Subject: DNS traffic mirroring

Hello Ivan
thank you very much for your answer.
I did some tests but that could not help me to solve my problem. In Wirshark it mirrors everything . it is not filtered only for DNS as configured in Classifier.
Here is my configuration:
6300# config
6300(config)# mirror session 1

6300(config-mirror-1)# destination cpu
6300(config-mirror-1)# enable

class ip DNS
match udp any any eq 53
ignor any any any

policy DNS_Mirroring
class ip DNS action mirror 1

------------------------------
Filmon Eyob

Original Message:
Sent: Jan 10, 2022 01:30 PM
From: Ivan ivan.bondar@hpe.com
Subject: DNS traffic mirroring

Hi Filmon,

According latest Release Notes https://www.arubanetworks.com/techdocs/AOS-CX/10.09/RN/rn_ova_10-09-0002.pdf Mirroring feature and Classifier Policy feature are configurable, but are non-functional (page 5). Otherwise if you are interested in such feature per se or would like to try it on a real gear, here is an example how to do it - https://www.arubanetworks.com/techdocs/AOS-CX/10.09/PDF/monitoring_8400.pdf , page 60, "Classifier policies and mirroring sessions".

------------------------------
Ivan Bondar

Original Message:
Sent: Jan 10, 2022 09:14 AM
From: Filmon Eyob
Subject: DNS traffic mirroring

Hi Teams
is that possible to configure Traffic/Port Mirroring with filter possibility? for example Mirroring only for DNS and other protocols/traffics ignore. Thank you

------------------------------
Filmon Eyob
------------------------------