Resolving and Tracking the Analyzer Device’s Address ! 177
Chapter 6: Packet Mirroring
For example, a value of 40000010 for VSA 26-59 configures the following fields in
the mirror header, as shown in Figure 13:
! MHV = 1
! Mirror Identifier = 0x10
Figure 13: 4-Byte Format of VSA 26-59
Resolving and Tracking the Analyzer Device’s Address
During the packet mirroring configuration process, you specify the IP address of the
analyzer device to which the mirrored traffic is sent. For CLI-based packet
mirroring, you use the mirror analyzer-ip-address command to specify the IP
address. For RADIUS-based packet mirroring, the RADIUS attribute
Analyzer-IP-Address [26-60] is the address of the analyzer device.
After configuration is complete, the router performs a route lookup to resolve the
analyzer device’s address and to ensure that traffic can be forwarded to the
analyzer device for analysis. However, the analyzer device is considered
unreachable if the router’s analyzer interface is not in analyzer mode, is not yet
created, or if the routes to the analyzer device are absent
If the analyzer device is unreachable, then the mirror action in the secure policy is
disabled, and no packets are mirrored. The show secure policy-list command
output indicates that the mirror action is disabled and the analyzer device is
unreachable.
The router tracks the analyzer device’s IP address for any route changes within the
router. This tracking ability provides a degree of failure recovery by enabling you to
configure multiple analyzer ports to serve as redundant ports to reach the analyzer
device.
Using Multiple Triggers
When you configure CLI-based packet mirroring, you can create multiple mirroring
rules for a particular subscriber. For example. you might create two rules; one that
uses IP address as the trigger that identifies the user and a second with the
subscriber’s username as the trigger. You can also configure RADIUS-based
mirroring to use multiple methods to identify subscribers.
To avoid conflicts between multiple mirroring rules, both CLI-based and RADIUS
based mirroring operations assign a precedence to the subscriber identification
triggers. When multiple rules are configured for the same subscriber, the rule with
the highest precedence is used to identify the subscriber.
g014393
4 0 0 0 0 0 1 0
MHV
(2 bits)
Mirror
identifier
To Next Page
Loading...
Need help?
General
