You can designate monitoring of inbound and outbound traffic on:
The switch monitors network activity by copying all traffic inbound and outbound on the specified interfaces to the designated monitoring port, to which a network analyzer can be attached.
If a tagged packet arrives on a monitored port, the packet will remain tagged when it goes out a monitored port even if that port is configured as untagged. If the packet is untagged, it will remain untagged going out the monitor port. The monitor port state (tagged or untagged) does not affect the tagging of the packet. However, egress mirroring does not reflect the tagged or untagged characteristic to the mirror port, instead it reflects the tagged or untagged characteristic of the mirror port.
|
|
NOTE: When both inbound and outbound monitoring is done, and IGMP is enabled on any VLAN, you may get two copies of IGMP packets on the monitored port. |
|
|
This procedure describes configuring the switch for monitoring when monitoring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.)
-
If monitoring is currently disabled (the default) then enable it by pressing the Space bar (or [Y]) to select Yes.
-
Press the down arrow key to display a screen similar to the following and move the cursor to the Monitoring Port parameter.
-
Highlight the Monitor field and use the Space bar to select the interfaces to monitor:
-
Use the down arrow key to move the cursor to the Action column for the individual ports and position the cursor at a port you want to monitor.
-
Press the Space bar to select Monitor for each port and trunk that you want monitored. (Use the down arrow key to move from one interface to the next in the Action column.)
-
When you finish selecting ports to monitor, press [Enter], then press [S] (for Save) to save your changes and exit from the screen.
You must use the following configuration sequence to configure port and static trunk monitoring in the CLI:
Syntax:
This command lists the port assigned to receive monitored traffic and the ports and/or trunks being monitored.
For example, if you assign port 5 as the monitoring port and configure the switch to monitor ports 2-4, show monitor
displays the following:
Syntax:
This command assigns or removes a monitoring port, and must be executed from the global configuration level. Removing the monitor port disables port monitoring and resets the monitoring parameters to their factory-default settings.
After you configure a monitor port you can use either the global configuration level or the interface context level to select ports, static trunks, or VLANs as monitoring sources. You can also use either level to remove monitoring sources.
Syntax:
|
|
NOTE: Individual ports and static trunks can be monitored at the same time. However, if you configure the switch to monitor a VLAN, all other interfaces are removed from monitoring. Also, you can configure only one VLAN at a time for monitoring. |
|
|
Elements in the monitor list can include port numbers and static trunk names at the same time.
For example, with a port such as port 5 configured as the monitoring (mirror) port, you would use either of the following commands to select these interfaces for monitoring:
Selecting ports and static trunks as monitoring sources
HP Switch(config)# int 6-9, 14 trk2, monitor
Configuring VLAN monitoring
HP Switch(config)# vlan 20 monitor HP Switch(config)# show monitor Network Monitoring Port Mirror Port: 5 Monitoring sources ------------------ VLAN_20