18.1.2 Operation Specifications for Port Mirroring
- <Structure of this section>
(1) Basic operation
Port mirroring on the Switch configures the port that monitors traffic as the monitor port. Also, set the mirror port as the destination port for mirroring frames. The mirror port is a port dedicated to mirroring.
(2) Monitoring session
A combination of monitor ports and mirror ports is called a monitor session. You can specify monitored frames, monitor ports, and mirror ports in a monitor session. Select one of three types of monitored frames: receive frame, transmit frame, or transmit/receive frame.
You can configure up to four monitor sessions on the Switch.
For each monitor session, you can configure the monitor and mirror ports as "many-to-one." This way, you can send a copy of the frames sent and received on multiple monitor ports to one mirror port. A mirror port can also be configured with a port-channel interface, which can send a copy of a frame received from one or more monitor ports to a port-channel interface.
The monitor port and mirror port can be mirrored even if the speed and line type are different. If you specify multiple monitor ports in a monitor session, you can also specify monitor ports with different speeds and line types at the same time. However, because mirroring frames are sent below the line bandwidth of the mirror port, if the amount of mirroring frames exceeds the bandwidth of the mirror port, mirroring frames may be discarded.
(3) Monitor port
You can specify any Ethernet interface other than the following for the monitor port. Even if it is specified as a monitor port, there is no restriction on each function of the port or interface.
-
Port configured as a mirror port
-
Port specified for the monitor port of another monitor session
(4) Mirror port
Set the port to which you want to send mirroring frames to the mirror port. Mirror ports are dedicated to mirroring. The following table describes the functions of the mirror port.
-
VLAN function and Layer 3 communication function cannot be used. For this reason, functions such as Spanning Tree Protocols and Ring Protocol,IGMP snooping/MLD snooping that assume VLAN functionality, and functions such as SNMP,DHCP that assume the Layer 3 communication functionality cannot be used.
-
When the function to send control frames to the mirror port is set, control frames for the set functions are sent to the mirror port in addition to mirroring frames.
-
If you configure a sender filter for a mirror port, mirroring frames are also filtered. Therefore, by setting discard by filter, only necessary frames can be sent from mirroring frames when mirroring on a per-port basis.
-
QoS transmit control also works on mirror ports. Therefore, the mirroring frame may be discarded and not sent from the mirror port. For details, see section 4, Transmission Control.
-
A mirroring frame is also sent if you use it as an uplink port for an uplink redundant and configure a mirror port for a port in the standby port state.
-
Mirroring frames are also sent when a mirror port using 802.1Q Tag grant function is set for a port that is in the standby link status due to link aggregation non-link down mode.
(5) Mirroring received frames
When a frame to be monitored is a frame to be sent or received, the received frame can be mirrored. At this time, all frames received by the monitor port are mirrored.
Therefore, frames discarded by the monitor port due to the reception filter or storm control set for the monitor port will not be forwarded but will be mirrored. However, frames that are discarded as error frames on the Ethernet interface when a frame is received are not mirrored.
(6) Mirroring Transmit Frames
When a transmit/receive frame or a transmit frame is specified as a monitor target frame, the transmit frame can be mirrored. The operation of each mirrored frame and condition is as follows.
-
The control frames sent and received by the monitor port are also mirrored.
-
When Tag translation is used on the monitor port, mirroring is performed as a Tagged frame with VLAN ID of VLAN to be transmitted on the monitor port.
-
TPID of the mirroring frame is TPID of the monitor port.
-
Frames discarded by QoS transmit control on the monitor port are not mirrored.
-
When discarding is set by the sender filter, mirroring of the frame to be discarded is as follows.
-
If an Ethernet interface is selected, frames discarded by filters on the monitor port are also mirrored and sent from the mirror port.
-
If you set a VLAN interface to which the monitor port belongs, frames that are discarded by filters on the monitor port are not sent from the mirror port.
-