Switch port mirroring

From Teknologisk videncenter
Jump to: navigation, search

Switch port mirroring is often used when sniffing traffic to/from a device. Se drawing below.

Switch with port mirroring

Cisco Switch

Example below: Send a copy of traffic on fastethernet 0/1 to fastethernet 0/2. Traffic in both directions are mirrored.

SW1# configure terminal
SW1(config)# monitor session 1 source interface fastethernet0/1 
SW1(config)# monitor session 1 destination interface fastethernet 0/2

Remove mirror from session 1.

SW1(config)# no MONITOR SESSION 1

Zyxel switch

Copy traffic from port 1,4,5 and 6 to port 3 (Note both means mirror traffic in both directions)

Switch(config)# <input>mirror-port</input>
Switch(config)# <input>mirror-port 3</input>
Switch(config)# <input>interface port-channel 1,4-6</input>
Switch(config-interface)# <input>mirror</input>
Switch(config-interface)# <input>mirror dir both</input>

Remove mirror again

Switch(config)# <input>no mirror-port</input>


From CLI

Monitor traffic in both directions on port 1/7 mirrorport 1/17

iPECS Ethernet Switch Administration

Username: <input>admin</input>
Password: <input>admin</input>

      CLI session with the ES-3026P is opened.
      To end the CLI session, enter [Exit].

ES-3026P(config)#<input>interface ethernet 1/17</input>
ES-3026P(config-if)#<input>port monitor ethernet 1/7 both</input>

Remove mirror port again

ES-3026P(config)#<input>interface ethernet 1/17</input>
ES-3026P(config-if)#<input>no port monitor ethernet 1/7</input>

From GUI

Remove mirror from webinterface on switch
Add mirror from webinterface on switch

Network taps

Dual Comm