DEFVAL { 2 }
::= { hpicfBridgeMirrorSessionEntry 2 }
Operating notes
The following conditions apply for the
no-tag-added
option:
• The specified port can be a physical port, trunk port, or mesh port.
• Only a single logical port (physical port or trunk) can be associated with a mirror session when the
no-tag-
added
option is specified. No other combination of ACL mirroring, VLAN mirroring, or port mirroring can be
associated with the mirror session. If more than one logical port is specified, the following error message is
displayed:
Cannot monitor more than one logical port with no-tag-added option
• If a port changes its VLAN membership and/or untagged status within the VLAN, the "untagged port mirroring"
associated with that port is updated when the configuration change is processed.
• Only four ports or trunks can be monitored at one time when all four mirror sessions are in use (one logical
port per mirror session) without VLAN tags being added to a mirrored copy.
• The
no-tag-added
option can also be used when mirroring is configured with SNMP.
• A VLAN tag is still added to the copies of untagged packets obtained via VLAN-based mirroring.
About selecting inbound/outbound traffic using a MAC address
Use the
monitor mac mirror
command at the global configuration level to apply a source and/or destination
MAC address as the selection criteria used in a local or remote mirroring session.
While classifier-based mirroring allows you to mirror traffic using a policy to specify IP addresses as selection
criteria, MAC-based mirroring allows you monitor switch traffic using a source and/or destination MAC address.
You can apply MAC-based mirroring in one or more mirroring sessions on the switch to monitor:
• Inbound traffic
• Outbound traffic
• Both inbound and outbound traffic
MAC-based mirroring is useful in Switch Network Immunity security solutions that provide detection and response
to malicious traffic at the network edge. After isolating a malicious MAC address, a security administrator can
mirror all traffic sent to and received from the suspicious address for troubleshooting and traffic analysis.
The MAC address that you enter with the
monitor mac mirror
command is configured to select traffic for
mirroring from all ports and learned VLANs on the switch. Therefore, a suspicions MAC address used in wireless
applications can be continuously monitored as it re-appears in switch traffic on different ports or VLAN interfaces.
You can configure MAC-based mirroring from the CLI or an SNMP management station and use it to mirror:
• All inbound and outbound traffic from a group of hosts to one destination device.
• Inbound and/or outbound traffic from each host to a different destination device.
• Inbound and outbound traffic from all monitored hosts separately on two destination devices: mirroring all
inbound traffic to one device and all outbound traffic to another device.
Restrictions
The following restrictions apply to MAC-based mirroring:
434
Aruba 2930F / 2930M Management and Configuration Guide
for ArubaOS-Switch 16.08