High-level overview of the mirror configuration process

Determine the mirroring session and destination

For a local mirroring session

Determine the port number for the exit port (such as A5, B10, and so forth), then go to Configure the monitored traffic in a mirror session.

For a remote mirroring session

Determine the following information and then go to Configure a mirroring destination on a remote switch.

  • The IP address of the VLAN or subnet on which the exit port exists on the destination switch.

  • The port number of the remote exit port on the remote destination switch. (In a remote mirroring endpoint, the IP address of the exit port and the remote destination switch can belong to different VLANs.)

  • The IP address of the VLAN or subnet on which the mirrored traffic enters or leaves the source switch.



    CAUTION: Although the switch supports the use of UDP port numbers from 1 to 65535, UDP port numbers below 7933 are reserved for various IP applications. Using these port numbers for mirroring can result in an interruption of other IP functions, and in non-mirrored traffic being received on the destination (endpoint) switch and sent to the device connected to the remote exit port.


  • The unique UDP port number to use for the session on the source switch. (The recommended port range is from 7933 to 65535.)

Configure a mirroring destination on a remote switch

This step is required only if you are configuring a remote mirroring session in which the exit port is on a different switch than the monitored (source) interface. If you are configuring local mirroring, go to Configure a mirroring session on the source switch.

For remote mirroring, you must configure the destination switch to recognize each mirroring session and forward mirrored traffic to an exit port before you configure the source switch. Configure the destination switch with the values you determined for remote mirroring in High-level overview of the mirror configuration process.



NOTE: A remote destination switch can support up to 32 remote mirroring endpoints (exit ports connected to a destination device in a remote mirroring session).


Configure a destination switch in a remote mirroring session

Enter the mirror endpoint ip command on the remote switch to configure the switch as a remote endpoint for a mirroring session with a different source switch.

Configure a mirroring session on the source switch

To configure local mirroring, only a session number and exit port number are required.

If the exit port for a mirroring destination is on a remote switch instead of the local (source) switch, you must enter the source IP address, destination IP address, and UDP port number for the remote mirroring session. You may also wish to enable frame truncation to allow oversize frames to be truncated rather than dropped.

Frames that exceed the maximum size (MTU) are either dropped or truncated, according to the setting of the [truncation] parameter in the mirror command. Frames that are near the MTU size may become oversize when the 54-byte remote mirroring tunnel header is added for transport between source switch and destination switch. (The addition of the header is a frequent cause for frames becoming oversize, but note that all oversize frames, whatever the cause of their excess size, are dropped or truncated.) If a frame is truncated, bytes are removed from the end of the frame. This may cause the checksum in the original frame header to fail. Some protocol analyzers may flag such a checksum mismatch as an alert.



NOTE: If you enable jumbo frames to allow large frames to be transmitted, you must enable jumbo frames on all switches in the path between the source and destination switches.


Configure a source switch in a remote mirroring session

Enter the mirror remote ip command on the source switch to configure a remote destination switch for a mirroring session on the source switch. The source IP address, UDP port number, and destination IP address that you enter must be the same values that you entered with the mirror endpoint ip command.



CAUTION: After you configure a mirroring session with traffic-selection criteria and a destination, the switch immediately starts to mirror traffic to the destination device connected to each exit port. In a remote mirroring session that uses IPv4 encapsulation, if the remote (endpoint) switch is not already configured as the destination for the session, its performance may be adversely affected by the stream of mirrored traffic. For this reason, it is strongly recommended that you configure the endpoint switch in a remote mirroring session, as described in Configure a mirroring destination on a remote switch, before using the mirror remote ip command in this section to configure the mirroring source for the same session.
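
The following is an added example, not part of the switch documentation. It checks a planned remote mirroring session against the constraints stated above (matching values on both switches, the UDP port range, the 32-endpoint limit, and the 54-byte tunnel header) before either switch is configured. The Session record, the check_plan function, and the sample addresses are assumptions made for illustration; the maximum frame size and the largest monitored frame are assumed to be measured the same way.

```python
import ipaddress
from dataclasses import dataclass

TUNNEL_HEADER = 54          # bytes added to each remotely mirrored frame (from the page)
RECOMMENDED_UDP_MIN = 7933  # lower UDP ports are reserved for IP applications (from the page)
MAX_ENDPOINTS = 32          # remote mirroring endpoints per destination switch (from the page)

@dataclass(frozen=True)
class Session:
    """Hypothetical record of the three values both switches must agree on."""
    src_ip: str
    udp_port: int
    dst_ip: str

def check_plan(source_side, endpoint_side, max_frame, largest_frame, truncation):
    """Return findings for sessions planned between one source and one destination switch."""
    findings = []
    if len(endpoint_side) > MAX_ENDPOINTS:
        findings.append(f"destination switch has more than {MAX_ENDPOINTS} endpoints")
    ports = [s.udp_port for s in source_side]
    if len(ports) != len(set(ports)):
        findings.append("UDP port is not unique per session on the source switch")
    for s in source_side:
        ipaddress.ip_address(s.src_ip)  # raises ValueError on a malformed address
        ipaddress.ip_address(s.dst_ip)
        if not 1 <= s.udp_port <= 65535:
            findings.append(f"udp {s.udp_port}: outside 1-65535")
        elif s.udp_port < RECOMMENDED_UDP_MIN:
            findings.append(f"udp {s.udp_port}: reserved range, use {RECOMMENDED_UDP_MIN}-65535")
        if s not in endpoint_side:
            findings.append(f"udp {s.udp_port}: endpoint values differ or endpoint not configured")
    # A frame that fits on the monitored link can become oversize inside the tunnel.
    if largest_frame + TUNNEL_HEADER > max_frame:
        fate = "truncated (expect checksum alerts)" if truncation else "dropped"
        findings.append(f"mirrored frames over {max_frame - TUNNEL_HEADER} bytes will be {fate}")
    return findings

# Constructed sample plan using documentation address ranges.
SOURCE = [Session("192.0.2.10", 9300, "198.51.100.20"),
          Session("192.0.2.10", 161, "198.51.100.20")]
ENDPOINT = [Session("192.0.2.10", 9300, "198.51.100.20"),
            Session("192.0.2.10", 162, "198.51.100.20")]

if __name__ == "__main__":
    for line in check_plan(SOURCE, ENDPOINT, 1518, 1500, truncation=False):
        print(line)
```

An empty result means the planned values are consistent; the endpoint switch is still configured first, as the caution above requires.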


Configure the monitored traffic in a mirror session

This step configures one or more interfaces on a source switch with traffic-selection criteria to select the traffic to be mirrored in a local or remote session configured in section Configure a mirroring session on the source switch.

Traffic selection options

To configure traffic mirroring, specify the source interface, traffic direction, and criteria to be used to select the traffic to be mirrored by using the following options:

  • Interface type

    • Port, trunk, and/or mesh

    • VLAN

    • Switch (global configuration level)

  • Traffic direction and selection criteria

    • All inbound and/or outbound traffic on a port or VLAN interface

    • Only inbound IP traffic selected with an ACL (deprecated in software release K.14.01 and greater)

    • Only inbound IPv4 or IPv6 traffic selected with a classifier-based mirroring policy

    • All inbound and/or outbound traffic selected by MAC source and/or destination address

The different ways to configure traffic-selection criteria on a monitored interface are described in the following sections.

Mirroring-source restrictions

In a mirroring session, you can configure any of the following sources of mirrored traffic:

  • Multiple port, trunk, and/or mesh interfaces

  • One VLAN

    If you configure a VLAN as the source interface in a mirroring session and assign a second VLAN to the session, the second VLAN overwrites the first VLAN as the source of mirrored traffic.

  • One classifier-based policy

    If you configure a mirroring policy on a port or VLAN interface to mirror inbound traffic in a session, you cannot configure a port, trunk, mesh, ACL, or VLAN as an additional source of mirrored traffic in the session.

  • Up to 320 MAC addresses (used to select traffic according to source, destination MAC address, or both) in all mirroring sessions configured on a switch