The Setup:
- You have an MX80 with three ISP connections out to the internet.
- Ports ge-1/0/0, ge-1/0/1, ge-1/0/2, and ge-1/0/3 all need to have their traffic mirrored, in both directions.
- Bandwidth for all four ports combined is 300 Mbps, so one additional gigabit port has enough headroom to carry every mirrored copy (keep in mind the mirror port carries ingress plus egress of every mirrored port, so check the combined figure against the 1 Gbps limit).
- Port ge-1/0/4 is the port on the MX80 connecting directly to the security appliance.
- The security appliance has a TAP port configured to sniff all data transiting the MX80.
- NO IP address is assigned to that TAP port.
- You can obtain its MAC address, which in this case is: 00:1b:17:37:17:24
The Problem:
On Cisco NX-OS this is a simple SPAN session:
monitor session 1
The Solution:
Step #1: Configure the port-mirroring instance
set forwarding-options port-mirroring input run-length 1
set forwarding-options port-mirroring family inet output interface ge-1/0/4.0 next-hop 1.1.1.2
set forwarding-options port-mirroring family inet output no-filter-check
Note: See Step #4 for why the next hop is 1.1.1.2 even though the appliance has no IP address. The mirrored copy is sent as a new IP packet out of ge-1/0/4.0, so Junos needs a next hop that resolves to a layer-2 address; it only has to resolve to the appliance's MAC, not to a host that actually owns the address. If `show forwarding-options port-mirroring` reports the instance as down, also set `input rate 1` (mirror every packet); `run-length` on its own only controls how many packets are copied after each sampling trigger. `no-filter-check` lets the mirrored copy leave ge-1/0/4.0 without being evaluated by any filter on that interface.
Step #2: Create a firewall filter that mirrors matching traffic
set firewall family inet filter port-mirror term 1 then port-mirror
set firewall family inet filter port-mirror term 1 then accept
set firewall family inet filter port-mirror term 2 then accept
Note: term 1 has no `from` clause, so it matches every IPv4 packet; it copies the packet to the mirroring instance and then accepts it, so forwarding is unchanged. term 2 is never reached, but it is harmless. Because the filter is `family inet`, only IPv4 is mirrored; IPv6 and non-IP frames on these ports are not copied.
Step #3: Apply the firewall filter to the ports you want to mirror, in both directions
set interfaces ge-1/0/0 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/0 unit 0 family inet filter output port-mirror
set interfaces ge-1/0/1 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/1 unit 0 family inet filter output port-mirror
set interfaces ge-1/0/2 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/2 unit 0 family inet filter output port-mirror
set interfaces ge-1/0/3 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/3 unit 0 family inet filter output port-mirror
Note: a unit takes a single `filter input` and a single `filter output` per family, so this replaces any filter already applied there; if one exists, fold its terms into port-mirror or use `input-list`/`output-list`. Mirroring both directions on every port also means a packet that enters on one mirrored port and leaves on another is copied twice; if the appliance counts flows, expect duplicates.
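The whole procedure as one commit, plus the piece the next-hop note depends on and the checks to run afterwards. This is an added example, not the configuration from the original post: the 1.1.1.1/30 address on ge-1/0/4.0 and the static ARP entry are assumptions chosen so that 1.1.1.2 resolves to the appliance MAC given in the setup (the appliance itself still has no IP address); `input rate 1` is included as described in the Step #1 note.

```junos
## Step 1: port-mirroring instance (rate 1 = mirror every packet; assumption, see note above)
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring input run-length 1
set forwarding-options port-mirroring family inet output interface ge-1/0/4.0 next-hop 1.1.1.2
set forwarding-options port-mirroring family inet output no-filter-check

## Step 2: filter that copies every IPv4 packet to the instance and still forwards it
set firewall family inet filter port-mirror term 1 then port-mirror
set firewall family inet filter port-mirror term 1 then accept

## Step 3: apply the filter in both directions on the four mirrored ports
set interfaces ge-1/0/0 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/0 unit 0 family inet filter output port-mirror
set interfaces ge-1/0/1 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/1 unit 0 family inet filter output port-mirror
set interfaces ge-1/0/2 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/2 unit 0 family inet filter output port-mirror
set interfaces ge-1/0/3 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/3 unit 0 family inet filter output port-mirror

## Step 4 (assumed): give the mirror port an address and pin 1.1.1.2 to the appliance MAC.
## The appliance never answers ARP, so without this entry 1.1.1.2 is unresolvable and
## the mirrored copies are dropped. 1.1.1.1/30 is an arbitrary, otherwise unused prefix.
set interfaces ge-1/0/4 description "TAP to security appliance"
set interfaces ge-1/0/4 unit 0 family inet address 1.1.1.1/30 arp 1.1.1.2 mac 00:1b:17:37:17:24

commit check
commit comment "port mirroring of ISP-facing ports to ge-1/0/4"

## Verification (operational mode)
run show forwarding-options port-mirroring
run show arp no-resolve | match 1.1.1.2
run show interfaces ge-1/0/4 statistics
run monitor interface ge-1/0/4
```

After the commit, `show forwarding-options port-mirroring` should list the instance with its output interface and next hop and the state up; `show arp` should show 1.1.1.2 bound permanently to 00:1b:17:37:17:24 on ge-1/0/4.0; and the output packet counter on ge-1/0/4 should climb at roughly the combined ingress plus egress rate of the four mirrored ports. If the ARP entry is present but ge-1/0/4 output stays at zero, the instance is not sampling (revisit `rate`), or the filter is not applied on the interfaces you expect (`show interfaces ge-1/0/1 extensive` lists the filters on the unit).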