47 configuring mirror, 1 terminology – CANOGA PERKINS 9175 Configuration Guide User Manual
Page 275
CanogaOS Configuration Guide
47-1
47 Configuring Mirror
This chapter describes how to configure mirror on your switch.
47.1 Terminology
The following describes concepts and terminology associated with mirror configuration.
Mirror Session
A mirror session is an association of a destination port with source ports and source
VLANs. You configure mirror sessions by using parameters that specify the source of
network traffic to monitor. Both switched and routed ports can be configured as mirror
sources and destinations. You can configure up to 4 mirror sessions.
Mirror sessions do not interfere with the normal operation of the switch. However, an
oversubscribed mirror destination, for example, a 10-Mbps port monitoring a 100-Mbps
port, results in dropped or lost packets.
You can configure mirror sessions on disabled ports; however, a mirror session does not
become active unless you enable the destination port and at least one source port or
VLAN for that session.
A mirror session remains inactive after system power-on until the destination port is
operational.
Traffic Types
Mirror sessions include these traffic types:
• Receive (RX) mirror: The goal of receive (or ingress) mirror is to monitor as much
as possible packets received by the source interface or VLAN before any
modification or processing is performed by the switch. A copy of each packet
received (except these packets: BPDU, LACPDU, BMGPDU, packets have been
discarded by IP-MAC binding check, CRC error packets) by the source is sent to
the destination port for that mirror session. You can monitor a series or range of
ingress ports or VLANs in a mirror session. Packets that are modified because of
routing are copied without modification; that is, the original packet is copied.
Packets that are modified because of quality of service (QoS)—for example,
modified Differentiated Services Code Point (DSCP)—are copied with
modification. Packets that are modified because of VLAN translation or VLAN
classification is copied with the modification. Some features that can cause a
packet to be dropped during receive processing have no effect on mirror, the
destination port can receive a copy of the packet even if the actual incoming
packet is dropped. These features include ingress ACL, VLAN’s ingress filter,
MAC filter, STP, VLAN tag control, port security, unknown routing packets.
• Transmit (TX) mirror: The goal of transmit (or egress) mirror is to monitor as much
as possible packets sent by the source interface after all modification and
processing is performed by the switch. A copy of each packet (except these
packets: packets from CPU port, mirroring packets) sent by the source is sent to
the destination port for that mirror session. Some features that can cause a packet
to be dropped during transmit processing might have affect on mirror.
• Both: In a mirror session, you can monitor a single port for both received and sent