Table of Contents
Advertisement
Port Mirroring
Port mirroring is implemented to enhance the security of your network. For example, an IDS
server can be connected to the monitor port to detect intruders attacking the network.
The port mirroring feature in Web OS 10.0 allows you to attach a sniffer to a monitoring port
that is configured to receive a copy of every single packet that is forwarded from the mirrored
port. Web OS enables you to mirror port traffic for all layers (Layer 2 - 7).
As shown in
1 and egress traffic (traffic leaving the switch) on port 3. You can attach a device to port 5 to
monitor the traffic on ports 1 and 3.
Mirrored ports
Data
1
Link
Active
Data
Link
Active
TX
RX
Ingress traffic
Figure 5-2 Monitoring Ports
Figure 5-2
gle or groups of
n
a mirrored port to a monitored port
n
many mirrored ports to one monitored port
Web OS 10.0 does not support a single port being monitored by multiple ports.
Packets are duplicated and sent to the mirrored ports after client or server port processing is
completed. Data packets sent from a client to a virtual server are seen at the mirrored port as
follows:
n
source IP address = client IP address
n
destination IP address = real server IP address rather than the virtual server IP address.
Conversely, the response from the server to the client will be seen as follows:
n
source IP address =virtual server IP address
n
destination IP address=client IP address
212777-A, February 2002
Figure
5-2, port 5 is monitoring ingress traffic (traffic entering the switch) on port
Monitoring port
2
3
4
5
6
TX
RX
TX
RX
TX
RX
TX
RX
TX
RX
TX
Egress traffic
shows two mirrored ports monitored by a single port. Similarly, you can have a sin-
Gigabit
Powered
7
8
9
Data
Link
Power
Console
RX
TX
RX
Chapter 5: Secure Switch Management
Web OS 10.0 Application Guide
n
113
Advertisement
Table of Contents
