Monitoring and Analyzing Switch Operation

Traffic Mirroring

Caution

An exit port should be connected only to a network analyzer, IDS, or other network edge device that has no connection to other network resources. Connecting a mirroring exit port to a network can result in serious network performance problems, and is strongly discouraged by ProCurve Networking.

Exit Switch: The switch with the exit port to which a destination device is connected. Depending on how mirroring is configured, the exit switch can be the local source switch or a remote switch. See also Exit Port.

Host: Used in this chapter to refer to a traffic analyzer or intrusion detection system (IDS).

IDS: Intrusion Detection System.

Local Mirroring: The monitored (source) interface and exit port in a mirroring session are on the same switch.

Monitored Interface: The interface (port, VLAN, trunk, or mesh) on the source switch on which the inbound and/or outbound traffic to be mirrored originates, configured with one of the interface monitor or vlan monitor commands (see “4. Configure the Monitored Traffic in a Mirror Session” on page B-55).

Remote Mirroring: The monitored (source) interface and exit port in a mirroring session are on different switches. For remote mirroring, you must always configure the IP destination address and exit port (the remote mirroring endpoint) before you configure the monitored interface, by using the following commands:

- On the remote (destination) switch:

    mirror endpoint ip <src-ip> <src-udp-port> <dst-ip> <exit-port>

- On the local (source) switch:

    mirror <session> remote ip <src-ip> <src-udp-port> <dst-ip>

For more information see Exit Port and “3. Configure a Mirroring Session on the Source Switch” on page B-52.
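The following audit script is an added example, not part of the ProCurve documentation. It pairs each remote session on a source switch with an endpoint on the destination switch using the two command forms above. It assumes the <src-ip>, <src-udp-port> and <dst-ip> values must be identical on both switches, as the shared parameter names imply; the addresses, UDP ports and exit-port names are constructed.

```python
import ipaddress
import re

# Syntax taken from the two commands in the Remote Mirroring entry.
ENDPOINT_RE = re.compile(r"^[ \t]*mirror endpoint ip (\S+) (\d+) (\S+) (\S+)[ \t]*$", re.M)
SESSION_RE = re.compile(r"^[ \t]*mirror (\d+) remote ip (\S+) (\d+) (\S+)[ \t]*$", re.M)


def _key(src_ip, udp_port, dst_ip):
    """Normalise (src-ip, src-udp-port, dst-ip); raises ValueError if malformed."""
    port = int(udp_port)
    if not 0 < port < 65536:
        raise ValueError(f"UDP port out of range: {port}")
    return (ipaddress.ip_address(src_ip), port, ipaddress.ip_address(dst_ip))


def parse_sessions(source_cfg):
    """Return {session_id: triple} for remote sessions on the source switch."""
    return {m[1]: _key(m[2], m[3], m[4]) for m in SESSION_RE.finditer(source_cfg)}


def parse_endpoints(dest_cfg):
    """Return {triple: exit_port} for endpoints on the destination switch."""
    return {_key(m[1], m[2], m[3]): m[4] for m in ENDPOINT_RE.finditer(dest_cfg)}


def audit(source_cfg, dest_cfg):
    """Pair each source session with its endpoint; list what does not pair up."""
    sessions, endpoints = parse_sessions(source_cfg), parse_endpoints(dest_cfg)
    matched = {sid: endpoints[k] for sid, k in sessions.items() if k in endpoints}
    missing = sorted(sid for sid in sessions if sid not in matched)  # analyzer sees nothing
    orphans = sorted(p for k, p in endpoints.items() if k not in sessions.values())
    return matched, missing, orphans


# Constructed sample configs (documentation-range addresses, made-up ports).
SOURCE_CFG = """mirror 1 remote ip 192.0.2.10 9300 192.0.2.20
mirror 2 remote ip 192.0.2.10 9301 192.0.2.20"""
DEST_CFG = """mirror endpoint ip 192.0.2.10 9300 192.0.2.20 A5
mirror endpoint ip 192.0.2.10 9400 192.0.2.20 A6"""

if __name__ == "__main__":
    print(audit(SOURCE_CFG, DEST_CFG))
```

A session listed as missing has no endpoint to receive its traffic, so the analyzer or IDS behind the exit port gets nothing for it; an orphan endpoint is an exit port that no source session feeds.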

 

Source Switch: The source switch on which the inbound and/or outbound traffic to be mirrored originates. See also Monitored Interface.
