Filter
Top Products
Monitoring and Analyzing Switch Operation
Traffic Mirroring
Operating Notes for Traffic Mirroring
■ Mirroring Dropped Traffic: When an interface is configured to mirror
traffic to a local or remote destination, packets are mirrored regardless
of whether the traffic is dropped while on the interface. For example, if
an ACL is configured on a VLAN with a deny ACE that eliminates packets
from a Telnet application, the switch still mirrors the Telnet packets that
are received on the interface and subsequently dropped.
■ Mirroring and Spanning Tree: Mirroring is performed regardless of the
spanning-tree (STP) state of a port or trunk. This means, for example, that
inbound traffic on a port blocked by STP can still be monitored for STP
protocol packets during the STP setup phase.
■ Tagged and Untagged Frames: For a frame entering or leaving the
switch on a mirrored port, the mirrored copy retains the tagged or
untagged state the original frame carried when it entered into or exited
from the switch. (The tagged or untagged VLAN membership of ports in
the path leading to the mirroring destination does not affect the tagged or
untagged status of the mirrored copy itself.)
Thus, if a tagged frame arrives on a mirrored port, the mirrored copy will
also be tagged, regardless of the status of ports in the destination path. If
a frame exits from the switch on a mirrored port that is a tagged member
of a VLAN, then the mirrored copy will also be tagged for the same reason.
To prevent a VLAN tag from being added to the mirrored copy of an
outbound packet sent to a mirroring destination, you must enter the no-
tag-added parameter when you configure a port, trunk, or mesh interface
to select mirrored traffic. For more information see “Port Interface with
Traffic Direction as the Selection Criteria” on page B-57 and “Untagged
Mirrored Packets” on page B-59.
■ Effect of IGMP on Mirroring: If both inbound and outbound mirroring
is operating when IGMP is enabled on a VLAN, two copies of mirrored
IGMP frames may appear at the mirroring destination.
■ Mirrored Traffic Not Encrypted: Mirrored traffic undergoes IPv4
encapsulation, but mirrored encapsulated traffic is not encrypted.
■ IPv4 Header Added: The IPv4 encapsulation of mirrored traffic adds a
54-byte header to each mirrored frame. If a resulting frame exceeds the
maximum MTU allowed in the network, it will be dropped. To reduce the
number of dropped frames, enable jumbo frames in the mirroring path,
including all intermediate switches and/or routers. (The maximum trans-
mission unit—MTU—on the switch is 9220 bytes, which includes 4 bytes
for the 802.1Q VLAN tag.) For more information, refer to “Maximum
Supported Frame Size” on page B-92. To configure the switch for jumbo
frames, refer to “Configuring Jumbo Frame Operation” on page 13-32.
B-95