
Monitoring and Analyzing Switch Operation
Traffic Mirroring
Switch A
Local mirroring session:
Source Switch: Switch A
Monitored interface: Port A2
Exit port: A15
Destination/Host: Traffic analyzer 1
Network
Switch B
Traffic
Analyzer 2
A15
Traffic
Analyzer 1
A1
A2
B7
Remote mirroring session:
Source Switch: Switch A
Monitored interface: Port A1
Remote exit switch: Switch B
Remote exit port: B7
Destination/Host: Traffic analyzer 2
Figure B-23. Local and Remote Sessions Showing Mirroring Terms
Classifier-Based Mirroring Policy: The service policy applied to a moni-
tored (port or VLAN) interface that specifies the classes of traffic to be
copied to preconfigured mirroring destinations.
Destination : The host device that is connected to an exit port on the local
source switch or a remote switch, and associated with a mirror-session
number (1 to 4). See also Exit Port and Host.
Direction-Based Mirroring: On an interface configured for mirroring, the
traffic direction (entering or leaving the switch, or both) is used as criteria
for selecting the traffic to be mirrored.
Exit Port: The port to which a traffic analyzer or IDS is connected to receive
mirrored traffic:
- For local mirroring, an exit port can be any port to which a traffic
analyzer or IDS is connected and that is not configured as a monitored
interface. You can configure up to four exit ports for local mirroring on a
switch, using the command: mirror <session > port < exit-port >.
- For remote mirroring, the destination IP address (dst-ip) and exit port in
a remote mirroring endpoint can belong to different VLANs. You can
configure up to 32 exit ports for remote mirroring on a switch, using the
command: mirror endpoint ip <src-ip > <src-udp-port > <dst-ip > <exit-port >.
B-31