B-24
Monitoring and Analyzing Switch Operation
Traffic Mirroring
■ All traffic: Monitors all traffic entering or leaving the switch on one or
more interfaces (inbound and outbound).
Mirroring Terminology
Figure B-18 shows an example of the terms used to describe the configuration
of a sample local mirroring session:
■ In the local session, inbound traffic entering Switch A is monitored on
port C2 and mirrored to a destination (host), traffic analyzer 1, through
exit port A15 on the switch.
A local mirroring session means that the monitored interface (C2) and
exit port (A15) are on the same switch.
Figure B-18. Local Session Showing Mirroring Terms
Exit Port: The port to which a traffic analyzer or IDS is connected to receive
mirrored traffic:
- For local mirroring, an exit port can be any port to which a traffic
analyzer or IDS is connected and that is not configured as a monitored
interface. Up to four sessions can be assigned to the same exit port used
for local mirroring. An exit port is configured on the local switch with the
command: mirror eth-port < exit-port >
Local mirroring session:
Source Switch: Switch A
Monitored interface: Port C2
Exit port: A15
Destination/Host: Traffic analyzer 1
Network
Switch A
A15
Traffic
Analyzer 1
C1
C2
VLAN 20
