Create

nectl mirror erspan create [flags]

  nectl mirror erspan create --interface-id <interface-id>
  nectl mirror erspan create --interface-id <interface-id> --direction ingress
  nectl mirror erspan create --interface-id <interface-id> --direction egress
  nectl mirror erspan create --interface-id <interface-id> --remote-ip <ip> --filter-protocol tcp --filter-destination-port 443

      --df-default string                Do-not-fragment default
  -d, --direction string                 Direction of mirror (default "both")
      --dst-port string                  Destination UDP port
      --egress-pkt-mark string           Egress packet mark
      --erspan-dir string                ERSPAN direction
      --erspan-hwid string               ERSPAN hardware ID
      --erspan-idx string                ERSPAN index
      --erspan-ver string                ERSPAN version
      --filter-destination-ip string     Destination IP address or CIDR
      --filter-destination-port uint32   Destination L4 port (TCP/UDP only)
      --filter-dl-dst string             Match destination MAC address
      --filter-dl-dst-mask string        Mask for destination MAC
      --filter-dl-src string             Match source MAC address
      --filter-dl-src-mask string        Mask for source MAC
      --filter-dscp uint32               IP DSCP (0..63)
      --filter-icmp-code string          ICMP codes (comma-separated, e.g., PortUnreachable)
      --filter-icmp-type string          ICMP types (comma-separated, e.g., Echo,DestinationUnreachable)
      --filter-protocol string           Protocol (ip|tcp|udp|sctp|icmp) or use --filter-protocol-num
      --filter-protocol-num uint32       Numeric protocol value (overrides --filter-protocol)
      --filter-source-ip string          Source IP address or CIDR (e.g., 10.0.0.0/24)
      --filter-source-port uint32        Source L4 port (TCP/UDP only)
      --filter-tcp-flags-mask string     TCP flags mask (comma-separated)
      --filter-tcp-flags-set string      TCP flags set (comma-separated, e.g., SYN,ACK)
      --filter-ttl uint32                IP TTL (1..255)
      --filter-vlan-id uint32            Match VLAN ID (0..4094)
      --filter-vlan-mask uint32          Mask for VLAN ID
      --filter-vlan-none                 Match frames with no VLAN tag
  -h, --help                             help for create
      --id string                        Mirror ID
      --in-key string                    Inbound tunnel key
      --interface-id string              Interface ID
      --key string                       Flow key
      --local-ip string                  Local IP address
      --out-key string                   Outbound tunnel key
      --remote-ip string                 Remote IP address
      --tos string                       Type of service
      --ttl string                       Time to live

      --host string   gRPC server host (default "127.0.0.1")
      --port uint16   gRPC server port (default 30666)