Network Traffic Mirroring

Network Traffic Mirroring can only be configured by a network administrator with sudo access. Only a command line interface is available for this feature.

These commands are run on the primary Lighthouse to enable network traffic mirroring. Secondary Lighthouses can use --test and --status to check whether network traffic mirroring is in use.

| Command | Argument | Description |
|---|---|---|
| traffic_mirroring | --help | Display usage information and exit. |
| traffic_mirroring | --test | Test the setup by sending a single ping on each VPN, and attempt to confirm that the current setup is valid, that the correct rules and interfaces exist, and that the destination IP is reachable. |
| traffic_mirroring | --disable | Disable network traffic mirroring. |
| traffic_mirroring | --status | Get the current status of the traffic mirroring configuration. |
| traffic_mirroring | --enable --destination-ip <ip_address> | Enable network traffic mirroring and configure the destination IP address to which mirrored packets will be sent (for example, an IDS). |
| traffic_mirroring | --enable --destination-ip <ip_address> --vlan-id <vlan_number> | Enable network traffic mirroring, configure the destination IP address, and configure the VLAN tag for all mirrored packets. |
| traffic_mirroring | --enable --destination-ip <ip_address> --vlan-id <vlan_number> --ignore-multi-instance | Enable network traffic mirroring, configure the destination IP address, configure the VLAN tag, and do not mirror traffic between multi-instance Lighthouses. |
| traffic_mirroring | --enable --destination-ip <ip_address> --vlan-id <vlan_number> --instance-id <lighthouse_instance_id> | Enable network traffic mirroring, configure the destination IP address, configure the VLAN tag, and configure the instance ID of the Lighthouse for which to configure traffic mirroring. If --instance-id is omitted, all Lighthouses in a multi-instance setup will be configured for traffic mirroring. |