...

Additionally, you can set the mirror-target port to a special value "cpu", which means that the copied packets will be sent to the switch chip's CPU port.

Configuration examples

There are various methods for mirroring specific types of traffic, and below are some common examples of how mirroring can be used.

Port Based Mirroring

Starting from RouterOS version 7.15, it is possible to configure multiple source ports and selectively choose whether to mirror incoming traffic, outgoing traffic, or both. In this example, both incoming and outgoing traffic from the ether2 interface will be copied and sent to the ether3 interface for monitoring or analysis.

...

Sub-menu: /interface/ethernet/switch

Property: Description

mirror-target (cpu | name | none; Default: none): Selects a single mirroring target port. Packets from mirror-egress and mirror-ingress (/interface/ethernet/switch/port) and mirror (/interface/ethernet/switch/rule) will be sent to the selected port.

rspan (no | yes; Default: no): Enables Remote Switch Port Analyzer (RSPAN) feature on mirror-target. Traffic marked for ingress or egress mirroring is carried over a specified remote analyzer VLAN - rspan-egress-vlan-id and rspan-ingress-vlan-id.

rspan-egress-vlan-id (integer: 1..4095; Default: 1): Selects the VLAN ID for marked egress traffic. Only applies when rspan is enabled.

rspan-ingress-vlan-id (integer: 1..4095; Default: 1): Selects the VLAN ID for marked ingress traffic. Only applies when rspan is enabled.

Sub-menu: /interface/ethernet/switch/port

Property: Description

mirror-egress (no | yes; Default: no): Whether to send egress packet copy to the mirror-target port.

mirror-ingress (no | yes; Default: no): Whether to send ingress packet copy to the mirror-target port.

Sub-menu: /interface/ethernet/switch/rule

Property: Description

mirror (no | yes; Default: no): Whether to send a packet copy to mirror-target port.
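
The properties from the three sub-menus above combined into one configuration, as an added example that is not part of the original documentation: it mirrors both directions of ether2 to ether3 and carries the copies in RSPAN VLANs. The switch name switch1 and the VLAN IDs 100 and 200 are assumed values, and the device is assumed to have a switch chip that supports these properties.

```routeros
# Added example; switch1 and VLAN IDs 100/200 are assumed values.
# Send mirrored copies to ether3 and carry them in dedicated analyzer VLANs.
# Both rspan-*-vlan-id properties default to 1, so set them explicitly.
/interface/ethernet/switch
set switch1 mirror-target=ether3 rspan=yes rspan-ingress-vlan-id=100 rspan-egress-vlan-id=200

# Mirror both directions of traffic on ether2.
/interface/ethernet/switch/port
set ether2 mirror-ingress=yes mirror-egress=yes

# Review the non-default switch settings to confirm which ports are mirrored
# and where the copies are sent.
/interface/ethernet/switch/export
```

Because a mirror session copies every frame on the source port, the export output is also the place to check during a configuration audit that mirror-target is set only where monitoring is intended.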

Traffic Shaping

...

Ingress traffic that matches certain parameters can be limited with ACL rules, and ingress/egress traffic can be limited on a per-port basis. The policer is used for ingress traffic, and the shaper is used for egress traffic. The ingress policer controls received traffic by dropping packets: everything that exceeds the defined limit is dropped. This can affect the TCP congestion control mechanism on end hosts, so the achieved bandwidth can actually be less than the defined limit. The egress shaper tries to queue packets that exceed the limit instead of dropping them. Eventually it will also drop packets when the output queue gets full; however, it should allow the defined throughput to be utilized better.

...