Port Mirroring

Caution: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation.

The SecureStack C3 device allows you to mirror (or redirect) the traffic being switched on a port for the purposes of network traffic analysis and connection assurance. When port mirroring is enabled, one port becomes a monitor port for another port within the device.

Note: An Enterasys Networks Feature Guide document containing an in-depth discussion of port mirroring configuration is located on the Enterasys Networks web site:

http://www.enterasys.com/support/manuals/

Mirroring Features

The SecureStack C3 device supports the following mirroring features:

Mirroring can be configured in a many‐to‐one configuration so that one target (destination) port can monitor traffic on up to 8 source ports. Only one mirror destination port can be configured per stack, if applicable.

Both transmit and receive traffic will be mirrored.

A destination port will only act as a mirroring port when the session is operationally active.

When a port mirror is created, the mirror destination port is removed from the egress list of VLAN 1 after a reboot.

MAC addresses will be learned for packets tagged with the mirror VLAN ID. This prevents traffic from being snooped across multiple hops.

Caution: Traffic mirrored to a VLAN may contain control traffic. This may be interpreted by the downstream neighbor as legal control frames. It is recommended that you disable any protocols (such as Spanning Tree) on inter-switch connections that might be affected.

Remote Port Mirroring

Remote port mirroring is an extension to port mirroring which facilitates simultaneous mirroring of multiple source ports on multiple switches across a network to one or more remote destination ports.

Remote port mirroring involves configuration of the following port mirroring related parameters:

1. Configuration of normal port mirroring source ports and one destination port on all switches, as described above.

2. Configuration of a mirror VLAN, which is a unique VLAN that carries mirrored packets across the network. The mirror VLAN must be configured on ALL switches along the path that mirrored traffic traverses, from the switch where the source ports reside to the switch where the mirrored packets are sniffed and/or captured.

You must ensure that switches involved are properly configured to facilitate correct remote port mirroring operation. The following points in particular need to be observed:

On the source switch, the correct destination port must be chosen to ensure that there is an egress path from that port to the desired remote destination(s).

All ports on the path from the source port to the remote destination must be members of the mirror VLAN.
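The constraints above (up to 8 source ports per destination, one destination port per stack, the destination port as the start of the egress path, and mirror VLAN membership for every port on the path) can be checked offline against an inventory before a capture is relied on. The following is an added example, not taken from the Enterasys manual; the inventory layout, switch names, port names and VLAN 900 are constructed assumptions.

```python
# Added example: audits a constructed inventory against the rules stated above.
# The dict layout, switch names, port names and VLAN 900 are hypothetical,
# not output from a SecureStack device.
MAX_SOURCES = 8  # page: one destination port can monitor up to 8 source ports

def audit_remote_mirror(switches, path, mirror_vlan):
    """Return a list of findings; an empty list means the path passes."""
    findings = []
    for name, sw in switches.items():
        mirror = sw.get("mirror")
        if not mirror:
            continue
        if len(mirror["destinations"]) != 1:
            findings.append(f"{name}: exactly one mirror destination port is allowed per stack")
        if len(mirror["sources"]) > MAX_SOURCES:
            findings.append(f"{name}: {len(mirror['sources'])} source ports exceeds {MAX_SOURCES}")
    # The source switch's destination port must be where the egress path starts.
    first_sw, first_port = path[0]
    src_mirror = switches[first_sw].get("mirror") or {"destinations": []}
    if first_port not in src_mirror["destinations"]:
        findings.append(f"{first_sw}: path starts at {first_port}, which is not the mirror destination")
    # Every port along the path must be a member of the mirror VLAN.
    for sw_name, port in path:
        members = switches[sw_name]["vlans"].get(mirror_vlan)
        if members is None:
            findings.append(f"{sw_name}: mirror VLAN {mirror_vlan} is not configured")
        elif port not in members:
            findings.append(f"{sw_name}: port {port} is not a member of VLAN {mirror_vlan}")
    return findings

def sample_inventory():
    """Constructed three-switch inventory; sw-mid lacks ge.1.2 in VLAN 900."""
    return {
        "sw-src": {"mirror": {"sources": ["ge.1.1", "ge.1.2"], "destinations": ["ge.1.24"]},
                   "vlans": {900: {"ge.1.24"}}},
        "sw-mid": {"vlans": {900: {"ge.1.1"}}},
        "sw-dst": {"vlans": {900: {"ge.1.1", "ge.1.10"}}},
    }

# Constructed hop list from the mirror destination port to the capture port.
SAMPLE_PATH = [("sw-src", "ge.1.24"), ("sw-mid", "ge.1.1"), ("sw-mid", "ge.1.2"),
               ("sw-dst", "ge.1.1"), ("sw-dst", "ge.1.10")]

if __name__ == "__main__":
    for finding in audit_remote_mirror(sample_inventory(), SAMPLE_PATH, 900):
        print(finding)
```

A silent gap in mirror VLAN membership means the capture point sees nothing from the affected sources, so an empty findings list is worth confirming before treating a quiet capture as a quiet network.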

Enterasys Networks 9034313-07 manual Mirroring Features, Remote Port Mirroring