If you want to look into packets sent or received by a router, and there is no possible to display them by command, the simplest and fastest way is to use mirroring. Unfortunately, in case of AR routers, you have to go on-site to connect packets’ analyser (for example Wireshark). Comparing to NE routers, AR routers do not support remote mirroring.
There are two types of mirroring on AR routers:
Port mirroring is to copy all packets from mirroring port to another port, which is called monitor port. Monitor port is that where a monitoring device is connected to. AR routers support local port mirroring for inbound and outbound direction.
Traffic mirroring is to copy specified packets, by QoS policy, to a specific destination and send them to an interface for analysis. Traffic mirroring is supported on AR29 and AR49 routers.
Example of port mirroring configuration (system-view):
Create a local mirroring group:
[labnario] mirroring-group 1 local
Configure mirroring port (source port):
[labnario] mirroring-group 1 mirroring-port ethernet 1/2 inbound
Finally configure monitor port for local mirroring group:
[labnario] mirroring-group 1 monitor-port ethernet 1/1
Connect packets’ analyser to ethernet 1/1 and capture packets.
You can also configure port mirroring in interface view. The result is the same.
Example of traffic mirroring configuration:
Let’s assume that we have a host, with IP 10.255.1.10, connected to interface ethernet 1/2 of AR29 router. What we want to do is to monitor all packets being received from this host. As monitor port we will use interface ethernet 1/3.
Create ACL to permit all packets from source IP address 10.255.1.10:
[labnario] acl number 2100 [labnario-acl-basic-2100] rule permit source 10.255.1.10 0
Configure traffic classifier that match ACL 2100:
[labnario] traffic classifier mirroring [labnario-classifier-mirroring] if-match acl 2100
Configure traffic behavior that mirrors traffic to interface ethernet 1/3:
[labnario] traffic behavior mirroring [labnario-behavior-mirroring] mirror-to interface ethernet 1/3
Bind traffic classifier with traffic behavior to create qos policy and apply this policy to ethernet 1/2 as inbound:
[labnario] qos policy mirroring [labnario-qospolicy-mirroring] classifier mirroring behavior mirroring [labnario-qospolicy-mirroring] quit [labnario] interface ethernet 1/2 [labnario-Ethernet1/2] qos apply policy mirroring inbound
Connect packets’ analyser to ethernet 1/3 and capture packets.