Enterasys Networks 9034313-07 Port Mirroring

Port Mirroring

7-36 Port Configuration

Port Mirroring

TheSecureStackC3deviceallowsyoutomirror(orredirect)thetrafficbeingswitchedonaport

forthepurposesofnetworktrafficanalysisandconnectionassurance.Whenportmirroringis

enabled,oneportbecomesamonitorportforanotherportwithinthedevice.

TheSecureStackC3devicesupportsthefollowingmirroringfeatures:

• Mirroringcanbeconfiguredinamany‐to‐oneconfigurationsothatonetarget(destination)

portcanmonitortrafficonupto8sourceports.Onlyonemirrordestinationportcanbe

configuredperstack,ifapplicable.

•Bothtransmitandreceivetrafficwillbemirrored.

•Adestinationportwillonlyactasamirroringportwhenthesessionisoperationallyactive.

•Whenaportmirroriscreated,themirrordestinationportisremovedfromtheegresslistof

VLAN1afterareboot.

•MACaddresseswillbelearnedforpacketstaggedwiththemirrorVLANID.Thiswill

preventtheabilitytosnooptrafficacrossmultiplehops.

Remoteportmirroringisanextensiontoportmirroringwhichfacilitatessimultaneousmirroring

ofmultiplesourceportsonmultipleswitchesacrossanetworktooneormoreremotedestination

ports.

Remoteportmirroringinvolvesconfigurationofthefollowingportmirroringrelatedparameters:

1. Configurationofnormalportmirroringsourceportsandonedestinationportonallswitches,

asdescribedabove.

2. ConfigurationofamirrorVLAN,whichisauniqueVLANonwhichmirroredpackets

traverseacrossthenetwork.ThemirrorVLANhastobeconfiguredonALLswitchesacross

thenetworkalongwhichmirroredtraffictraverses,fromtheswitchwherethesourceports

residetotheswitchwherethemirroredpacketsaresniffedand/orcaptured.

Youmustensurethatswitchesinvolvedareproperlyconfiguredtofacilitatecorrectremoteport

mirroringoperation.Thefollowingpointsinparticularneedtobeobserved:

•Onthesourceswitch,thecorrectdestinationportmustbechosentoensurethatthereisan

egresspathfromthatporttothedesiredremotedestination(s).

•Allportsonthepathfromthesourceporttotheremotedestinationmustbemembersofthe

mirrorVLAN.

Caution: Port mirroring configuration should be performed only by personnel who are

knowledgeable about the effects of port mirroring and its impact on network operation.

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of port

mirroring configuration is located on the EnterasysNetworks web site:

http://www.enterasys.com/support/manuals/

Caution: Traffic mirrored to a VLAN may contain control traffic. This may be interpreted by the

downstream neighbor as legal control frames. It is recommended that you disable any protocols

(such as Spanning Tree) on inter-switch connections that might be affected .