RackSwitch G8000 Application Guide

Monitoring Ports

The port mirroring feature in the G8000 allows you to attach a sniffer to a monitoring port that is configured to receive a copy of all packets that are forwarded from the mirrored port. The G8000 enables you to mirror port traffic for all layer 2 and layer 3. Port mirroring can be used as a troubleshooting tool or to enhance the security of your network. For example, an IDS server can be connected to the monitor port to detect intruders attacking the network.

As shown in Figure A-1, port 13 is monitoring ingress traffic (traffic entering the switch) on port 2 and egress traffic (traffic leaving the switch) on port 12. You can attach a device to port 13 to monitor the traffic on ports 2 and port 12.

Ingress

Egress

Mirrored ports

Monitor port

Figure A-1Monitoring Ports

Figure A-1shows two mirrored ports monitored by a single port. Similarly, you can have a single or groups of:

„one mirrored port to one monitored port

„more than two mirrored ports to one monitored port

The G8000 supports four monitor ports. The G8000 does not support a single port being monitored by multiple ports.

Ingress and egress traffic is duplicated and sent to the monitor port after processing.

140 „ Appendix A: Troubleshooting

BMD00041, November 2008

Page 140
Image 140
Blade ICE G8000 manual Figure A-1Monitoring Ports