Configuring Port and VLAN Mirroring

Port mirroring is used on a network device to send a copy of network packets seen on one device port, multiple device ports, or an entire VLAN to a network monitoring connection on another port on the device. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion- detection system. A network analyzer connected to the monitoring port processes the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.

A packet that is received on a network port assigned to a VLAN that is subject to mirroring is mirrored to the analyzer port even if the packet was eventually trapped or discarded. Packets sent by the device are mirrored when Transmit (Tx) mirroring is activated.

Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port. If more data is sent to the analyzer port than it can support, some data might be lost.

VLAN mirroring is not active on a VLAN that was not manually created. For example, if VLAN 23 was created by GVRP, and you manually created VLAN 34, and you create port mirroring that includes VLAN 23, VLAN 34, or both, and later on delete VLAN 34, the status in port mirroring is set to Not Ready, because the VLAN34 is no longer in the database and VLAN23 was not created manually.

Only one instance of mirroring is supported system-wide. The analyzer port (or target port for VLAN mirroring or port mirroring) is the same for all the mirrored VLANs or ports.

To enable mirroring:

1. Click Administration > Diagnostics > Port and VLAN Mirroring.

This page contains the following fields:

• Destination Port—Port to which traffic is to be copied; the analyzer port.
• Source Interface—Interface, port, or VLAN from which traffic is sent to the analyzer port.
• Type—Type of monitoring: incoming to the port (Rx), outgoing from the port (Tx), or both.
• Status— Displays one of the following values:
• Active—Both source and destination interfaces are up and forwarding traffic.
• Not Ready—Either source or destination (or both) are down or not forwarding traffic for some reason.
2. Click Add to add a port or VLAN to be mirrored.
3. Enter the parameters:
• Destination Port—Select the analyzer port to where packets are copied. A network analyzer, such as a PC running Wireshark, is connected to this port. If a port is identified as an analyzer destination port, it remains the analyzer destination port until all entries are removed.
• Source Interface—Select the source port or source VLAN from where traffic is to be mirrored.
• Type—Select whether incoming, outgoing, or both types of traffic are mirrored to the analyzer port. If Port is selected, the options are:
• Rx Only—Port mirroring on incoming packets.
• Tx Only—Port mirroring on outgoing packets.
• Tx and Rx—Port mirroring on both incoming and outgoing packets.
4. Click Apply. Port mirroring is added to the Running Configuration.