This document explains how to configure port mirroring on switches to send copies of data to a Monitoring Server like blësk. Please take note that commands, as explained in this document, may vary according to your device version and models.
1. Configure ports that should be monitored (Ports 0/15 to 0/17 with 0/19 are to be monitored) :
WS-C3560-24TS#conf t
WS-C3560-24TS(config)#monitor session 1 source interface FastEthernet0/15 - 17 , FastEthernet0/19 bothNote: The above commands will monitor both inbound and outbound traffics for interfaces 15 to 17 with 19.
2. Enable mirroring where the probe is connected to port 0/18 :
WS-C3560-24TS(config)#monitor session 1 destination interface FastEthernet 0/183. If you assign port 18 as the monitoring port and configure the switch to monitor ports 15 – 17 and 19, show monitor displays the following :
WS-C3560-24TS#
sh monitor
Session 1
---------
Type : Local Session
Source Ports :
Both : Fa0/15-17,Fa0/19
Destination Ports : Fa0/18
Encapsulation : Native
Ingress : Disabled1. Enable mirroring where the probe is connected to port 0/1/48 :
fgs (config)# mirror-port ethernet 0/1/482. Configure ports that should be monitored (Ports 0/1/1 to 0/1/47 are to be monitored) :
fgs (config)# interface ethernet 0/1/1 to 0/1/47
fgs (config)# monitor bothNote The above commands will monitor both inbound and outbound traffics for interfaces 1 to 47.
1. For example, to assign port 2 as the monitoring port (Port receiving monitored traffic) :
hp (config)# mirror-port ethernet 22. Configure ports that should be monitored (Ports 10 to 24 are to be monitored) :
hp (config)# interface ethernet 10-24 monitorNote: The above commands will monitor traffics for interfaces 10 to 24 on the HP switch.
3. If you assign port 2 as the monitoring port and configure the switch to monitor ports 10 – 24, show monitor displays the following :
hp (config)# show monitor
Network Monitoring Port
Mirror Port: 2
Monitoring sources
------------------
10 – 241. The following examples show a simple port level configuration that mirrors both transmitted and received packet from one port to another :
console(config)#monitor session 1 source interface te1/0/8
console(config)#monitor session 1 destination interface te1/0/10
console(config)#monitor session 1 mode
2. The following command displays the port monitoring status on DELL :
console#show monitor session 1For DELL Force 10 Series
1. For a Force 10 switch, commands are different, here how to enable port mirroring. The following example shows how traffic on port 0/41 (source port) is copied to port 0/9 (destination port) :
dell (config)# monitor session 0
dell (conf-mon-sess-0)# source GigabitEthernet 0/41 destination GigabitEthernet 0/9 direction bothNote: You may experiment the following error :
dell (conf-mon-sess-0)#source gigabitethernet 0/41 destination gigabitethernet 0/9 direction both% Error: MG port is in L2 mode
Yes, port monitoring cannot be configured if the port, where the data will be mirrored, is layer 2. You must remove the L2 configuration on the port before continuing.
The FortiSwitch unit can send a copy of any ingress or egress packet on a port to egress on another port of the same FortiSwitch unit. The original traffic is unaffected. This process is known as port-based mirroring and is typically used for external analysis and capture.
The following commands configure a FortiSwitch to send a copy of all incoming and outgoing traffics on port interface 2 and 3 to the port interface 1 which is the one on which you will connect your ethernet cable to capture the data.
config switch-controller managed-switch
edit S513DE4P15010494
config mirror
edit bProbe
set status active
set dst port1
set switching-packet enable
set src-ingress port2 port3
set src-egress port2 port3
next
end
nextNote: S513DE4P15010494 is the FortiSwitch serial number need to connect to the right device, bProbe is the name we give to this configuration. port1 represents our destination port, port2 and port3, the ports we want to capture a copy of traffic from.