Monitoring ports with port mirroring, Port mirroring overview, Appendix a – Juniper Networks EX2500 User Manual


Appendix A

Monitoring Ports with Port Mirroring

This appendix explains port mirroring to help you monitor ports and troubleshoot
common problems on the EX2500 switch. To use an Access Control List (ACL) for
port mirroring, see “Configuring ACL Port Mirroring” on page 58. The following
topics are discussed in this appendix:

■ Port Mirroring Overview on page 85

■ Configuring Port Mirroring on page 86

Port Mirroring Overview

The port mirroring feature in the EX2500 switch allows you to copy traffic from
specified ports and forward it to another port for monitoring or packet analysis. The
port that receives the copied traffic is called the monitor port. The ports being
monitored, and the traffic being copied, are considered to be mirrored.

The port mirroring feature can be used as a troubleshooting tool or to enhance the
security of your network. You can attach a sniffer, or packet analysis device, to the
monitor port and examine the mirrored traffic without disrupting traffic on the
mirrored ports. As an example, an IDS server can be connected to the monitor port
to detect intruders attacking the network.

The EX2500 switch can mirror all types of Layer 2 and Layer 3 traffic. Up to four
monitor ports can be configured. Each monitor port can receive mirrored traffic
from multiple switch ports, but each specific switch port is permitted to be
mirrored to only one monitor port. For each mirrored port, you can also specify
whether to mirror only ingress traffic (traffic entering the switch port), only egress
traffic (traffic leaving the switch port), or both.

Figure 15 on page 86 shows an example of port mirroring.
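
The limits described in this overview (up to four monitor ports, one monitor port per mirrored port, and a direction setting for each mirrored port) can be checked against a planned layout before it is configured. The following Python check is an added example, not part of the Juniper manual; the plan format, the port numbers, and the names validate_plan and SAMPLE_PLAN are assumptions made for illustration.

```python
# Added example: checks a planned mirroring layout against the limits stated
# in the overview. Plan format and port numbers are assumptions.
from collections import defaultdict

MAX_MONITOR_PORTS = 4                       # "Up to four monitor ports"
DIRECTIONS = {"ingress", "egress", "both"}  # chosen per mirrored port


def validate_plan(plan):
    """plan: list of (mirrored_port, monitor_port, direction) tuples.

    Returns (errors, warnings) as two lists of strings.
    """
    errors, warnings = [], []
    targets = defaultdict(set)  # mirrored port -> monitor ports it would feed
    for mirrored, monitor, direction in plan:
        targets[mirrored].add(monitor)
        if direction not in DIRECTIONS:
            errors.append(f"port {mirrored}: unknown direction {direction!r}")
        elif direction != "both":
            # A sensor on the monitor port receives only half of what
            # crosses this port when a single direction is mirrored.
            warnings.append(f"port {mirrored} -> monitor {monitor}: "
                            f"{direction} only, other direction not copied")

    monitors = {monitor for _, monitor, _ in plan}
    if len(monitors) > MAX_MONITOR_PORTS:
        errors.append(f"{len(monitors)} monitor ports planned, "
                      f"limit is {MAX_MONITOR_PORTS}")

    for mirrored, mons in sorted(targets.items()):
        if len(mons) > 1:
            errors.append(f"port {mirrored} is mirrored to monitor ports "
                          f"{sorted(mons)}, only one is permitted")
    return errors, warnings


# Constructed sample plan (not taken from the manual).
SAMPLE_PLAN = [
    (1, 20, "both"),
    (2, 20, "ingress"),   # many mirrored ports may share one monitor port
    (3, 21, "both"),
    (3, 22, "egress"),    # same mirrored port, second monitor port
]

if __name__ == "__main__":
    errs, warns = validate_plan(SAMPLE_PLAN)
    for msg in errs:
        print("ERROR:", msg)
    for msg in warns:
        print("WARN: ", msg)
```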
