Difference between revisions of "Switch port mirroring"
From Teknologisk videncenter
m (New page: Switch port mirroring is often used when sniffing traffic to/from a device. Se drawing below. {| | thumb|700px|left| Switch with port mirroring |}...) |
m |
||
| (15 intermediate revisions by 3 users not shown) | |||
| Line 4: | Line 4: | ||
[[Image:Switch with mirror function.png|thumb|700px|left| Switch with port mirroring]] | [[Image:Switch with mirror function.png|thumb|700px|left| Switch with port mirroring]] | ||
|} | |} | ||
| + | |||
| + | *[http://wiki.wireshark.org/SwitchReference Wireshark Switch reference list] | ||
=Cisco Switch= | =Cisco Switch= | ||
Example below: Send a copy of traffic on fastethernet 0/1 to fastethernet 0/2. Traffic in both directions are mirrored. | Example below: Send a copy of traffic on fastethernet 0/1 to fastethernet 0/2. Traffic in both directions are mirrored. | ||
<source lang=cli> | <source lang=cli> | ||
| − | SW1# | + | SW1# configure terminal |
| − | SW1(config)# | + | SW1(config)# monitor session 1 source interface fastethernet0/1 |
| − | SW1(config)# | + | SW1(config)# monitor session 1 destination interface fastethernet 0/2 |
</source> | </source> | ||
Remove mirror from session 1. | Remove mirror from session 1. | ||
<source lang=cli> | <source lang=cli> | ||
| − | SW1# | + | SW1# CONFIGURE TERMINAL |
| − | SW1(config)# | + | SW1(config)# no MONITOR SESSION 1 |
</source> | </source> | ||
| + | |||
=Zyxel switch= | =Zyxel switch= | ||
| − | Copy traffic from port 1,4,5 and 6 to port 3 | + | Copy traffic from port 1,4,5 and 6 to port 3 (Note '''both''' means mirror traffic in both directions) |
| + | * | ||
<source lang=cli> | <source lang=cli> | ||
Switch(config)# <input>mirror-port</input> | Switch(config)# <input>mirror-port</input> | ||
| Line 24: | Line 28: | ||
Switch(config)# <input>interface port-channel 1,4-6</input> | Switch(config)# <input>interface port-channel 1,4-6</input> | ||
Switch(config-interface)# <input>mirror</input> | Switch(config-interface)# <input>mirror</input> | ||
| − | Switch(config-interface)# <input>mirror dir | + | Switch(config-interface)# <input>mirror dir both</input> |
</source> | </source> | ||
Remove mirror again | Remove mirror again | ||
| Line 31: | Line 35: | ||
</source> | </source> | ||
| + | =LG iPECS ES-3026P= | ||
| + | ==From CLI== | ||
| + | Monitor traffic in both directions on port 1/7 mirrorport 1/17 | ||
| + | <source lang=cli> | ||
| + | iPECS Ethernet Switch Administration | ||
| + | |||
| + | Username: <input>admin</input> | ||
| + | Password: <input>admin</input> | ||
| + | |||
| + | CLI session with the ES-3026P is opened. | ||
| + | To end the CLI session, enter [Exit]. | ||
| + | |||
| + | ES-3026P#<input>configure</input> | ||
| + | ES-3026P(config)#<input>interface ethernet 1/17</input> | ||
| + | ES-3026P(config-if)#<input>port monitor ethernet 1/7 both</input> | ||
| + | </source> | ||
| + | Remove mirror port again | ||
| + | <source lang=cli> | ||
| + | ES-3026P#<input>configure</input> | ||
| + | ES-3026P(config)#<input>interface ethernet 1/17</input> | ||
| + | ES-3026P(config-if)#<input>no port monitor ethernet 1/7</input> | ||
| + | </source> | ||
| + | ==From GUI== | ||
| + | {| | ||
| + | | | ||
| + | [[Image:LGs1.gif|700px|thumb|left|Add mirror from webinterface on switch]] | ||
| + | |- | ||
| + | [[Image:LGs2.gif|700px|thumb|left|Remove mirror from webinterface on switch]] | ||
| + | |} | ||
| + | =Network taps= | ||
| + | ==Dual Comm== | ||
| + | *[http://www.lovemytool.com/blog/2010/04/review-of-dualcomm-5-port-pass-through-port-mirroring-switch-by-betty-dubois.html Artikel om Dualcomm 5-Port Pass-Through Port Mirroring Switch] | ||
| + | *[http://www.dual-comm.com/gigabit_port-mirroring-LAN_switch.htm 10/100/1000 Network TAP] med PoS pass-through. Powerered fra USB | ||
| + | *[http://www.dual-comm.com/ Dual-Comm hjemmeside] | ||
{{Source cli}} | {{Source cli}} | ||
| − | [[Category:Network]] | + | [[Category:Network]][[Category:Fejlfinding]][[Category:Network management]] |
Latest revision as of 08:34, 21 June 2018
Switch port mirroring is often used when sniffing traffic to/from a device. Se drawing below.
Contents
Cisco Switch
Example below: Send a copy of traffic on fastethernet 0/1 to fastethernet 0/2. Traffic in both directions are mirrored.
SW1# configure terminal
SW1(config)# monitor session 1 source interface fastethernet0/1
SW1(config)# monitor session 1 destination interface fastethernet 0/2Remove mirror from session 1.
SW1# CONFIGURE TERMINAL
SW1(config)# no MONITOR SESSION 1Zyxel switch
Copy traffic from port 1,4,5 and 6 to port 3 (Note both means mirror traffic in both directions)
Switch(config)# <input>mirror-port</input>
Switch(config)# <input>mirror-port 3</input>
Switch(config)# <input>interface port-channel 1,4-6</input>
Switch(config-interface)# <input>mirror</input>
Switch(config-interface)# <input>mirror dir both</input>Remove mirror again
Switch(config)# <input>no mirror-port</input>LG iPECS ES-3026P
From CLI
Monitor traffic in both directions on port 1/7 mirrorport 1/17
iPECS Ethernet Switch Administration
Username: <input>admin</input>
Password: <input>admin</input>
CLI session with the ES-3026P is opened.
To end the CLI session, enter [Exit].
ES-3026P#<input>configure</input>
ES-3026P(config)#<input>interface ethernet 1/17</input>
ES-3026P(config-if)#<input>port monitor ethernet 1/7 both</input>Remove mirror port again
ES-3026P#<input>configure</input>
ES-3026P(config)#<input>interface ethernet 1/17</input>
ES-3026P(config-if)#<input>no port monitor ethernet 1/7</input>From GUI
Network taps
Dual Comm
- Artikel om Dualcomm 5-Port Pass-Through Port Mirroring Switch
- 10/100/1000 Network TAP med PoS pass-through. Powerered fra USB
- Dual-Comm hjemmeside