Implementing Port Mirroring

You can implement port mirroring on S- K- and 7100-Series devices using simple CLI commands. The source port of a VLAN mirror is a VTAP interface created using the set vlan interface command. A VTAP interface provides the data source input of a VLAN mirror and must exist before attempting to create a VLAN port mirror. Once the specific device ports are operationally linked, use the set port mirroring command to create a mirroring relationship between your intended source and your destination ports.

Policy based mirroring is supported on the S- and K-Series platforms. For policy-based mirroring, use the set mirror create and set mirror ports commands to create the policy mirror destination. To associate a source port with the policy mirror destination, use the set policy rule or the set policy profile command to specify both the source port and the policy mirror destination for the policy.

Enhanced port mirroring is supported on the S- and K-Series platforms. Use the set port mirroring enhanced command to enable up to 4 ports to use enhanced port mirroring providing mirroring of L2/L3 egress multicast frames.

Outbound rate limiting is supported on the S- and K-Series platforms. Use the set port mirroring orl command to enable port mirroring of outbound rate limited frames.

You can also use CLI to operationally disable mirroring, if necessary, and to specify whether to mirror received traffic, transmitted traffic, or both. You can also monitor multicast traffic by enabling IGMP mirroring on specific ports.

Note

It is important to not oversubscribe ports in a mirroring configuration. This can cause bottlenecks and will result in discarded traffic.

Once configured, all packets (network, data, control, and so on) received by the switch will be mirrored. Errored packets will not be mirrored. Unless you disable Spanning Tree on destination ports, they will continue to function as active bridge ports, in accordance with the SMON (Switch Monitoring) standard.