Mirroring Traffic

CHAPTERS

1. Mirroring

2. Configuration Examples

3. Appendix: Default Parameters

This guide applies to:

T1500G-8T v2 or above, T1500G-10PS v2 or above, T1500G-10MPS v2 or above, T1500-28PCT v3 or above, T1600G-18TS v2 or above, T1600G-28TS v3 or above, T1600G-28PS v3 or above, T1600G-52TS v3 or above, T1600G-52PS v3 or above, T1700X-16TS v3 or above, T1700G-28TQ v3 or above, T2500G-10TS v2 or above, T2600G-18TS v2 or above, T2600G-28TS v3 or above, T2600G-28MPS v3 or above, T2600G-28SQ v1 or above, T2600G-52TS v3 or above.

1Mirroring

You can analyze network traffic and troubleshoot network problems using Mirroring. Mirroring allows the switch to send a copy of the traffic that passes through specified sources (ports, LAGs or the CPU) to a destination port. It does not affect the switching of network traffic on source ports, LAGs or the CPU.

1.1Using the GUI

Choose the menu MAINTENANCE > Mirroring to load the following page.

Figure 1-1 Port Mirroring Session List

The above page displays a mirroring session, and no more session can be created. Click Edit to configure this mirroring session on the following page.

Figure 1-2 Configure the Mirroring Session

Follow these steps to configure the mirroring session:

1)In the Destination Port Config section, specify a destination port for the mirroring session, and click Apply.

2)In the Source Interfaces Config section, specify the source interfaces and click Apply. Traffic passing through the source interfaces will be mirrored to the destination port. There are three source interface types: port, LAG, and CPU. Choose one or more types according to your need.

UNIT1

Select the desired ports as the source interfaces. The switch will send a copy of traffic passing through the port to the destination port.

LAGS

Select the desired LAGs as the source interfaces. The switch will send a copy of traffic passing through the LAG members to the destination port.

CPU

When selected, the switch will send a copy of traffic passing through the CPU to the destination port.

Ingress

With this option enabled, the packets received by the corresponding interface (port, LAG or CPU) will be copied to the destination port. By default, it is disabled.

Egress

With this option enabled, the packets sent by the corresponding interface (port, LAG or CPU) will be copied to the destination port. By default, it is disabled.

Note:

The member ports of an LAG cannot be set as a destination port or source port.

A port cannot be set as the destination port and source port at the same time.

1.2Using the CLI

Follow these steps to configure Mirroring.

Step 1

configure

Enter global configuration mode.

Step 2

monitor session session_num destination interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port}

Enable the port mirror function and set the destination port.

session_num: The monitor session number. It can only be specified as 1.

port: The destination port number. You can specify only one destination port for the mirror session.

Step 3

monitor session session_num source { cpu cpu_numbr | interface { fastEthernet port-list | gigabitEthernet port-list | ten-gigabitEthernet port-list | port-channel port-channel-id }} mode

Configure ports or LAGs as the monitored interfaces.

session_num: The monitor session number. It can only be specified as 1.

cpu_number: The CPU number. It can only be specified as 1.

port-list: List of source ports. It is multi-optional.

mode: The monitor mode. There are three options: rx, tx and both:

rx: The incoming packets of the source port will be copied to the destination port.

tx: The outgoing packets of the source port will be copied to the destination port.

both: Both of the incoming and outgoing packets on source port can be copied to the destination port.

Note:

You can configure one or more source interface types (ports, LAGs and the CPU) according to your needs.

Step 4

show monitor session

Verify the Port Mirror configuration.

Step 5

end

Return to privileged EXEC mode.

Step 6

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to copy the received and transmitted packets on port 1/0/1,2,3 and the CPU to port 1/0/10.

Switch#configure

Switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/10

Switch(config)#monitor session 1 source interface gigabitEthernet 1/0/1-3 both

Switch(config)#monitor session 1 source cpu 1 both

Switch(config)#show monitor session

Monitor Session: 1

Destination Port: Gi1/0/10

Source Ports(Ingress): Gi1/0/1-3

Source Ports(Egress): Gi1/0/1-3

Source CPU(Ingress): cpu1

Source CPU(Egress): cpu1

Switch(config-if)#end

Switch#copy running-config startup-config

2Configuration Examples

2.1Network Requirements

As shown below, several hosts and a network analyzer are directly connected to the switch. For network security and troubleshooting, the network manager needs to use the network analyzer to monitor the data packets from the end hosts.

Figure 2-1 Network Topology

2.2Configuration Scheme

To implement this requirement, you can use Mirroring feature to copy the packets from ports 1/0/2-5 to port 1/0/1. The overview of configuration is as follows:

1)Specify ports 1/0/2-5 as the source ports, allowing the switch to copy the packets from the hosts.

2)Specify port 1/0/1 as the destination port so that the network analyzer can receive mirrored packets from the hosts.

Demonstrated with T2600G-28TS, the following sections provide configuration procedure in two ways: using the GUI and using the CLI.

2.3Using the GUI

1)Choose the menu MAINTENANCE > Mirroring to load the following page. It displays the information of the mirroring session.

Figure 2-2 Mirror Session List

2)Click Edit on the above page to load the following page. In the Destination Port Config section, select port 1/0/1 as the destination port and click Apply.

Figure 2-3 Destination Port Configuration

3)In the Source Interfaces Config section, select ports 1/0/2-5 as the source ports, and enable Ingress and Egress to allow the received and sent packets to be copied to the destination port. Then click Apply.

Figure 2-4 Source Port Configuration

4)Click to save the settings.

2.4Using the CLI

Switch#configure

Switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/1

Switch(config)#monitor session 1 source interface gigabitEthernet 1/0/2-5 both

Switch(config)#end

Switch#copy running-config startup-config

Verify the Configuration

Switch#show monitor session 1

Monitor Session: 1

Destination Port: Gi1/0/1

Source Ports(Ingress): Gi1/0/2-5

Source Ports(Egress): Gi1/0/2-5

3Appendix: Default Parameters

Default settings of Switching are listed in th following tables.

Table 3-1Configurations for Ports

Parameter

Default Setting

Ingress

Disabled

Egress

Disabled