Chapter
10
10 – Port Mirroring and Setup
Setup the ports for network speeds, performance as well as for monitoring….
his section explains how individual characteristics of a port on the GarrettCom Magnum 6K
family of switches are setup. For monitoring a specific port, the traffic on a port can be
mirrored on another port and viewed by protocol analyzers. Other setup includes
automatically setting up broadcast storm prevention thresholds.
T
P
A
h
an
ort monitoring and mirroring
n Ethernet switch sends traffic from one port to another port, unlike a
ub or a shared network device, where the traffic is “broadcast” on each
d every port. Capturing traffic for protocol analysis or intrusion analysis
can be impossible on a switch unless all the traffic for a specific port is
“reflected” on another port, typically a monitoring port. The Magnum 6K family of
switches can be instructed to repeat the traffic from one port onto another port. This
process - when traffic from one port is reflecting to another port - is called port mirroring.
The monitoring port is also called a “sniffing” port. Port monitoring becomes critical for
trouble shooting as well as for intrusion detection.
j
Port mirroring
Monitoring a specific port can be done by port mirroring. Mirroring traffic from one port
to another port allows analysis of the traffic on that port. The set of commands for port
mirroring are
Syntax show port-mirror – displays the status of port mirroring
Syntax port-mirror - enter the port mirror configuration mode
Syntax setport monitor=<monitor port number> sniffer=<sniffer port number> -
setup a prot mirrior port
Syntax prtmr <enable|disable> - enable and disable port mirroring
122