Comware

Hello,

I have two 5940 in IRF stack using FortyGig interfaces with some VLANs. Access switches are connected via Bridge Aggregation interfaces (LACP).

I need to mirror all traffic from VLAN 10 to destination interface where wireshark is connected. I found that mirroring is supported only in IRF standalone (one device) and the mirrored traffic cannot pass IRF links.

When I configure local mirroring on one IRF memeber (from physical interface to physical interface) it works.

My config:

mirroring-group 1 local
mirroring-group 1 mirroring-port Vlan-interface 10 both
mirroring-group 1 monitor-port Ten-GigabitEthernet 1/0/20
  The type of the mirroring port in the mirroring group is not supported.

Is there any solution how to mirror traffic from VLAN 10 interface from both 5940 in IRF?

For example old Cisco 3750 supports this situation.

Thank you

Tom

Hi !

I did not understand your real problem, but ..

Mirroring the traffic of a vlan or vlan interface inside an IRF does not work .... at least that did not work.

You have two options how can you get around this when using IRF.
1. You can mirror every port that belongs to the VLAN and send that traffic to a monitor port.
2. You can create a QoS policy and have the action be mirrored traffic.

Hello,

I configured the QoS policy and it is working. But it mirrors traffic from every VLAN. If I specify only the VLAN 10 subnet in ACL it does not match.

The simplified topology:

 My config is:

traffic classifier mirror-class operator and
if-match acl 2000
#
traffic behavior mirror-behavior
mirror-to interface Ten-GigabitEthernet1/0/2
#
qos policy mirror-policy
classifier mirror-class behavior mirror-behavior
#
interface Bridge-Aggregation99
description Access-switch
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
qos apply policy mirror-policy inbound
qos apply policy mirror-policy outbound
#
acl number 2000
rule 10 permit source 10.10.10.0 0.0.0.255
rule 10 comment "MIRROR VLAN 10 SUBNET"
rule 20 deny
#