Connecting to Avaya ERS/Nortel Baystack CLI
If a switch you are connecting to has an IP address and you still chose to configure it via CLI, you can use telnet to connect to the switch. Otherwise you will need a serial cable to connect to the front of the switch with the following settings:
- Bits per second: 9600
- Data bits: 8
- Parity bits: None
- Stop bits: 1
- Harware acceleration: None
Once connected (wether via telnet or serial), press Ctrl+Y to open the switch management menu (you will be prompted for password if cli password parameter has been set):
Using switch management menu
Avaya ERS series have a CLI that contains, besides the traditional command line, a convenient management menu that can be used to configure port mirroring. To access the Port Mirroring sub-menu from the switch management menu, navigate to Switch Configuration --> Port Mirroring Configuration:
While port mirroring is disabled, you will only be able to access one field - "Monitoring Mode", which will show "Disabled". To enable the monitoring, press the spacebar on that field until you see the desired mode:
-> Port X (mirror all the traffic coming into specified port on the switch)
Port X -> (mirror all the traffic coming out of the specified port on the switch)
<-> Port X (mirror both incoming and outgoing traffic on a specified switchport)
-> Port X or Port Y -> (mirror all traffic coming into port X or coming out of port Y on the switch)
-> Port X and Port Y -> (mirror all traffic coming into port X and coming out of port Y on the switch)
<-> Port X and Port Y <-> (mirror both incoming and outgoing traffic on two ports of the switch)
Address A -> Any address (mirror switch traffic from a specified MAC address to any other destination)
Any address -> Address A (mirror switch traffic from any destination to a specified MAC address)
<-> Address A (mirror all draffic to and from a specific MAC address)
Address A -> Address B (mirror all traffic from MAC address A to MAC address B)
Address A -> Address B (mirror all traffic between two specified MAC addresses)
Once you have selected a desired mirroring mode, press the Enter key to apply it and proceed with selecting the ports. You will see a prompt appear on the bottom asking you "Is your port mirroring configuration complete? [No]" and the cursor will move to the next available field:
In this case we are configuring port mirroring all traffic coming in and out of port 2 to port 21, where our laptop with a sniffing program running is attached, so in this case "Monitor Unit/Port" will be "21" and "Unit/Port X" value will be "2" (unit value only needs to be specified on stacked switches, when there is more than one switch present in the farm):
All traffic coming in and out of port X will no be getting transmitted out of port 21 of the switch for you to capture and analyse. To disable the port-mirroring, highlight the "Monitoring Mode" and use Spacebar to toggle it to "Disabled", then press Enter and select "Yes" on the port mirroring configuration confirmation dialogue and again press Enter to confirm. You will see the "Port mirroring has been disabled." message on the screen and the active port mirroring field will be blank:
You can use the Ctrl+R key combination to exit the port mirroring configuration screen and navigate back to the main switch management menu. Select "Logout" in the main manu to logout from the switch.
Using the command line
You can access the traditional switch command line from the main switch management menu by selecting the "Command Line Interface" menu item:
Once in the command line, you will need to enter the configuration mode by using the following commands:
enable [press Enter] (command line suffix will change from ">" to "#")
configure terminal [press Enter] (command line suffix will change to "(config)#")
The port-mirroring command uses the following format:
port-mirroring mode [mode] monitor-port [unit/port] (mirror-port-X [unit/port]/mirror-port-Y [unit/port]/mirror-MAC-A [####.####.####]/mirror-MAC-B [####.####.####])
Where ####.####.#### is the MAC address and mode could be any of the following:
disable (disable port mirroring)
Adst (mirror packets with destination MAC address A)
Asrc (mirror packets with source MAC address A)
AsrcBdst (mirror packets with source MAC address A and destination MAC address B)
AsrcBdstOrBsrcAdst (mirror packets with source MAC address A and destination MAC address B, or packets with source MAC address B and destination MAC address A)
AsrcOrAdst (mirror packets with source or destination MAC address A)
ManytoOneRx (many to one port mirroring ingress traffic)
ManytoOneRxTx (any to one port mirroring ingress & egress traffic)
ManytoOneTx (many to one port mirroring egress traffic)
Xrx (mirror packets received on port X)
XrxOrXtx (mirror packets received or transmitted on port X)
XrxOrYtx (mirror packets received on port X or transmitted on port Y)
XrxYtx (mirror packets received on port X and transmitted on port Y)
XrxYtxOrYrxXtx (mirror packets received on port X and transmitted on port Y, or packets received on port Y and transmitted on port X)
Xtx (mirror packets transmitted on port X)
For example, for the same mirroring configuration as was created above using the management menu:
(config)#port-mirroring mode XrxOrXtx monitor-port 21 mirror-port-X 2
To check whether the port mirroring is running, you can use the following command
(config)#show port-mirroring
Monitoring Mode: XrxOrXtx ( <-> Port X )
Monitor Unit/Port: 21
Unit/Port X: 2
To disable port mirroring use the following command:
(config)#no port-mirroring
The "show port-mirroring" command will now show that it is diabled:
(config)#show port-mirroring
Monitoring Mode: Disabled
To mirror all traffic coming to and from a certain MAC address (useful if mirroring a trunk port, or a server with multiple "teamed" network cards):
port-mirroring mode AsrcOrAdst monitor-port 21 mirror-MAC-A 000A.B1C2.D4E5
Note that MAC address annotation does not follow the usual ##-##-##-##-##-## or ##:##:##:##:##:## formats in this case, but rather a ####.####.#### format.
8 comments:
Excellent in both scope and presentation. Very easy to understand
thank you
very good Explanation
thanks very good..
Can you mirror multiple ports (more than 2) as source to one destination port where you have your sniffer? would this do it: ManytoOneRxTx (any to one port mirroring ingress & egress traffic)
It's been a while since I worked with this, and my initial response is that yes - you should be able to do it with the ManytoOneRxTx command ("ManytoOneRxTx monitor-port X mirror-ports Y, Z, W"). However, just doing some quick online searches for the syntax, it looks like it may depend on the switch model/firmware version - at least some of the documentation is suggesting that this command works with MAC addresses as opposed to port numbers ("ManytoOneRxTx monitor-port X mirror-MAC-A aaaa.bbbb.cccc"). Hope this helps.
is there a way to sniff the same port (source) to two diffrent sniffers (dest) on 5520 platform?
(this option should be called OneToMany)
It appears that you can only make 1 session...I tried making different sessions but everything I did gets replaced by the last one I created...so I think it is not possible... If you can make several sessions then it would be possible...
I successfully loaded this configuration on 4550T switch:
port-mirroring mode ManytoOneRxTx monitor-port 48 mirror-ports 45-47 so yes it is possible.... After typing port-mirroring mode ManytoOneRxTx monitor-port 48 ?...the ONLY option that became available is mirror-ports...emphasis on the PORTSSSSS
Post a Comment