Port mirroring, Port mirroring 113, Figure 5-2 – Nortel Networks WEB OS 212777 User Manual
Page 113: Monitoring ports 113
Web OS 10.0 Application Guide
Chapter 5: Secure Switch Management
212777-A, February 2002
Port Mirroring
Port mirroring is implemented to enhance the security of your network. For example, an IDS
server can be connected to the monitor port to detect intruders attacking the network.
The port mirroring feature in Web OS 10.0 allows you to attach a sniffer to a monitoring port
that is configured to receive a copy of every single packet that is forwarded from the mirrored
port. Web OS enables you to mirror port traffic for all layers (Layer 2 - 7).
As shown in Figure 5-2, port 5 is monitoring ingress traffic (traffic entering the switch) on port
1 and egress traffic (traffic leaving the switch) on port 3. You can attach a device to port 5 to
monitor the traffic on ports 1 and 3.
Figure 5-2 Monitoring Ports
Figure 5-2 shows two mirrored ports monitored by a single port. Similarly, you can have a single or groups of:
- a mirrored port to a monitored port
- many mirrored ports to one monitored port
Web OS 10.0 does not support a single port being monitored by multiple ports.
Packets are duplicated and sent to the mirrored ports after client or server port processing is
completed. Data packets sent from a client to a virtual server are seen at the mirrored port as
follows:
- source IP address = client IP address
- destination IP address = real server IP address rather than the virtual server IP address.
Conversely, the response from the server to the client will be seen as follows:
- source IP address = virtual server IP address
- destination IP address = client IP address
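Because the request is seen with the real server address and the response with the virtual server address, an IDS or flow tool on the monitoring port that pairs packets by address sees two unrelated half-flows. The following added example (not from the manual) shows that effect and one way to re-pair the halves; the address map, the capture records and all function names are constructed for illustration, and it assumes the real server port equals the virtual service port.

```python
from collections import defaultdict

# Assumed load-balancing map (constructed): virtual server IP -> real server IPs.
VIP_TO_REALS = {"192.0.2.10": {"10.0.0.11", "10.0.0.12"}}
REAL_TO_VIP = {real: vip for vip, reals in VIP_TO_REALS.items() for real in reals}

# Constructed packets as they would appear on the monitoring port:
# (source IP, source port, destination IP, destination port)
CAPTURE = [
    ("198.51.100.7", 40312, "10.0.0.11", 80),   # request: dst is the real server
    ("192.0.2.10", 80, "198.51.100.7", 40312),  # response: src is the virtual server
    ("198.51.100.8", 51000, "10.0.0.12", 80),
    ("192.0.2.10", 80, "198.51.100.8", 51000),
]

def naive_key(pkt):
    """Direction-independent flow key using addresses exactly as captured."""
    src, sport, dst, dport = pkt
    return tuple(sorted([(src, sport), (dst, dport)]))

def slb_key(pkt):
    """Same key, after rewriting any real server address to its virtual server IP."""
    src, sport, dst, dport = pkt
    src = REAL_TO_VIP.get(src, src)
    dst = REAL_TO_VIP.get(dst, dst)
    return tuple(sorted([(src, sport), (dst, dport)]))

def group_flows(packets, key_fn):
    """Group packets into flows under the given key function."""
    flows = defaultdict(list)
    for pkt in packets:
        flows[key_fn(pkt)].append(pkt)
    return dict(flows)

def one_sided(flows):
    """Return keys of flows in which only one direction was observed."""
    return [key for key, pkts in flows.items()
            if len({(p[0], p[1]) for p in pkts}) < 2]

if __name__ == "__main__":
    for name, fn in (("as captured", naive_key), ("VIP-normalized", slb_key)):
        flows = group_flows(CAPTURE, fn)
        print(f"{name}: {len(flows)} flows, {len(one_sided(flows))} one-sided")
```

If the switch also translates the service port, the key function needs a port map as well as the address map.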
[Figure 5-2: switch front panel. Labels: Mirrored ports, Monitoring port, Ingress traffic, Egress traffic]