Filter
Top Products
Monitoring and Analyzing Switch Operation
Traffic Mirroring
Selecting Inbound/Outbound Traffic Using a MAC
Address
Use the monitor mac mirror command at the global configuration level to apply
a source and/or destination MAC address as the selection criteria used in a
local or remote mirroring session.
While classifier-based mirroring allows you to mirror traffic using a policy to
specify IP addresses as selection criteria, MAC-based mirroring allows you
monitor switch traffic using a source and/or destination MAC address. You
can apply MAC-based mirroring in one or more mirroring sessions on the
switch to monitor:
■ Inbound traffic
■ Outbound traffic
■ Both inbound and outbound traffic
MAC-based mirroring is useful in ProCurve Network Immunity security solu-
tions that provide detection and response to malicious traffic at the network
edge. After isolating a malicious MAC address, a security administrator can
mirror all traffic sent to, and received from, the suspicious address for
troubleshooting and traffic analysis.
The MAC address that you enter with the monitor mac mirror command is
configured to select traffic for mirroring from all ports and learned VLANs on
the switch. Therefore, a suspicions MAC address used in wireless applications
can be continuously monitored as it re-appears in switch traffic on different
ports or VLAN interfaces.
You can configure MAC-based mirroring from the CLI or an SNMP manage-
ment station and use it to mirror:
■ All inbound and outbound traffic from a group of hosts to one destination
device.
■ Inbound and/or outbound traffic from each host to a different destination
device.
■ Inbound and outbound traffic from all monitored hosts separately on two
destination devices: mirroring all inbound traffic to one device and all
outbound traffic to another device.
B-63