2 understanding mirror – CANOGA PERKINS 9175 Configuration Guide User Manual

CanogaOS Configuration Guide

47-2

packets.

Source Port
A source port (also called a monitored port) is a switched or routed port that you monitor
for network traffic analysis. In a single mirror session, you can monitor source port traffic
such as received (Rx), transmitted (Tx), or bidirectional (both). The switch supports any
number of source ports (up to the maximum number of available ports on the switch) and
any number of source VLANs (up to the maximum number of VLANs supported).
A source port has these characteristics:

• It can be any port type (for example, EtherChannel).

• It can only be monitored in a single mirror session.

• It cannot be a destination port.

• Each source port can be configured with a direction (ingress, egress, or both) to

monitor. For EtherChannel sources, the monitored direction would apply to all the
physical ports in the group.

• Source ports can be in the same or different VLANs.

• For VLAN sources, whether VLAN is created or not, You can configure this VALN

as mirror source.

• It can not be a physical port that is assigned to an EtherChannel group.

Destination Port
Each mirror session must have a destination port (also called a monitoring port) that
receives a copy of traffic from the source ports and VLANs.
The destination port has these characteristics:

• It must reside on the same switch as the source port.

• It can be any Ethernet physical port.

• It can not be physical port that is assigned to an EtherChannel group.

• It can participate in only one mirror session at a time (a destination port in one

mirror session cannot be a destination port for a second mirror session).

• It cannot be a source port.

• The port does not transmit any traffic except that required for the mirror session.

• It does not participate in spanning tree while the mirror session is active.

• When it is a destination port, all other normal system function of this port should

not work until mirror destination configure disabled on this port.

• No address learning occurs on the destination port.

47.2 Understanding Mirror

You can analyze network traffic passing through ports or VLANs by using mirror function
to send a copy of the traffic to another port on the switch that has been connected to a
SwitchProbe device or other Remote Monitoring (RMON) probe or security device.
mirrors received or sent (or both) traffic on a source port and received traffic on one or
more source ports or source VLANs, to a destination port for analysis.
For example, in figure 1-1, all traffic on port 4 (the source port) is mirrored to port 8 (the
destination port). A network analyzer on port 8 receives all network traffic from port 4
without being physically attached to port 4.