Difference between revisions of "Switch port mirroring"

From Teknologisk videncenter
Jump to: navigation, search
m (Dual Comm)
m
 
(6 intermediate revisions by 2 users not shown)
Line 4: Line 4:
 
[[Image:Switch with mirror function.png|thumb|700px|left| Switch with port mirroring]]
 
[[Image:Switch with mirror function.png|thumb|700px|left| Switch with port mirroring]]
 
|}
 
|}
 +
 +
*[http://wiki.wireshark.org/SwitchReference Wireshark Switch reference list]
 
=Cisco Switch=
 
=Cisco Switch=
 
Example below: Send a copy of traffic on fastethernet 0/1 to fastethernet 0/2. Traffic in both directions are mirrored.
 
Example below: Send a copy of traffic on fastethernet 0/1 to fastethernet 0/2. Traffic in both directions are mirrored.
 
<source lang=cli>
 
<source lang=cli>
SW1# <input>configure terminal</input>
+
SW1# configure terminal
SW1(config)# <input>monitor session 1 source fastethernet0/1</input>
+
SW1(config)# monitor session 1 source interface fastethernet0/1  
SW1(config)# <input>monitor session 1 destination fastethernet 0/2</input>
+
SW1(config)# monitor session 1 destination interface fastethernet 0/2
 
</source>
 
</source>
  
 
Remove mirror from session 1.
 
Remove mirror from session 1.
 
<source lang=cli>
 
<source lang=cli>
SW1# <input>CONFIGURE TERMINAL</input>
+
SW1# CONFIGURE TERMINAL
SW1(config)# <input>no MONITOR SESSION 1</input>
+
SW1(config)# no MONITOR SESSION 1  
 
</source>
 
</source>
  
 
=Zyxel switch=
 
=Zyxel switch=
Copy traffic from port 1,4,5 and 6 to port 3
+
Copy traffic from port 1,4,5 and 6 to port 3 (Note '''both''' means mirror traffic in both directions)
 +
*
 
<source lang=cli>
 
<source lang=cli>
 
Switch(config)# <input>mirror-port</input>
 
Switch(config)# <input>mirror-port</input>
Line 25: Line 28:
 
Switch(config)# <input>interface port-channel 1,4-6</input>
 
Switch(config)# <input>interface port-channel 1,4-6</input>
 
Switch(config-interface)# <input>mirror</input>
 
Switch(config-interface)# <input>mirror</input>
Switch(config-interface)# <input>mirror dir egress</input>
+
Switch(config-interface)# <input>mirror dir both</input>
 
</source>
 
</source>
 
Remove mirror again
 
Remove mirror again
Line 31: Line 34:
 
Switch(config)# <input>no mirror-port</input>
 
Switch(config)# <input>no mirror-port</input>
 
</source>
 
</source>
 +
 
=LG iPECS ES-3026P=
 
=LG iPECS ES-3026P=
 
==From CLI==
 
==From CLI==
Line 67: Line 71:
  
 
{{Source cli}}
 
{{Source cli}}
[[Category:Network]]
+
[[Category:Network]][[Category:Fejlfinding]][[Category:Network management]]

Latest revision as of 07:34, 21 June 2018

Switch port mirroring is often used when sniffing traffic to/from a device. Se drawing below.

Switch with port mirroring

Cisco Switch

Example below: Send a copy of traffic on fastethernet 0/1 to fastethernet 0/2. Traffic in both directions are mirrored.

SW1# configure terminal
SW1(config)# monitor session 1 source interface fastethernet0/1 
SW1(config)# monitor session 1 destination interface fastethernet 0/2

Remove mirror from session 1.

SW1# CONFIGURE TERMINAL
SW1(config)# no MONITOR SESSION 1

Zyxel switch

Copy traffic from port 1,4,5 and 6 to port 3 (Note both means mirror traffic in both directions)

Switch(config)# <input>mirror-port</input>
Switch(config)# <input>mirror-port 3</input>
Switch(config)# <input>interface port-channel 1,4-6</input>
Switch(config-interface)# <input>mirror</input>
Switch(config-interface)# <input>mirror dir both</input>

Remove mirror again

Switch(config)# <input>no mirror-port</input>

LG iPECS ES-3026P

From CLI

Monitor traffic in both directions on port 1/7 mirrorport 1/17

iPECS Ethernet Switch Administration

Username: <input>admin</input>
Password: <input>admin</input>

      CLI session with the ES-3026P is opened.
      To end the CLI session, enter [Exit].

ES-3026P#<input>configure</input>
ES-3026P(config)#<input>interface ethernet 1/17</input>
ES-3026P(config-if)#<input>port monitor ethernet 1/7 both</input>

Remove mirror port again

ES-3026P#<input>configure</input>
ES-3026P(config)#<input>interface ethernet 1/17</input>
ES-3026P(config-if)#<input>no port monitor ethernet 1/7</input>

From GUI

Remove mirror from webinterface on switch
Add mirror from webinterface on switch

Network taps

Dual Comm