Chapter 40. Port Mirroring
© Copyright Lenovo 2015
The Lenovo N/OS port mirroring feature allows you to mirror (copy) the packets of
a target port, and forward them to a monitoring port. Port mirroring functions for
all layer 2 and layer 3 traffic on a port. This feature can be used as a troubleshooting
tool or to enhance the security of your network. For example, an IDS server or
other traffic sniffer device or analyzer can be connected to the monitoring port in
order to detect intruders attacking the network.
The CN4093 supports a "many to one" mirroring model. As shown in Figure
selected traffic for ports EXT1 and EXT2 is being monitored by port EXT3. In the
example, both ingress traffic and egress traffic on port EXT2 are copied and
forwarded to the monitor. However, port EXT1 mirroring is configured so that
only ingress traffic is copied and forwarded to the monitor. A device attached to
port EXT3 can analyze the resulting mirrored traffic.
Figure 64. Mirroring Ports
Mirrored Ports
Monitor Port
Ingress
Connected to
Both
Traffic
sniffer device
38
39
40
Specified traffic is copied
and forwarded to Monitor Port
In standalone (non‐stacking) mode, the CN4093 supports two monitor ports with
two‐way mirroring, or four monitor ports with one‐way mirroring. In stacking
mode, one monitor port with two‐way mirroring, or two monitor ports with
one‐way mirroring is supported. Each monitor port can receive mirrored traffic
from any number of target ports.
Lenovo N/OS does not support "one to many" or "many to many" mirroring
models where traffic from a specific port traffic is copied to multiple monitor ports.
For example, port EXT1 traffic cannot be monitored by both port EXT3 and EXT4 at
the same time, nor can port EXT2 ingress traffic be monitored by a different port
than its egress traffic.
Ingress and egress traffic is duplicated and sent to the monitor port after
processing.
Note: The CN4093 10Gb Converged Scalable Switch (CN4093) cannot mirror
LACPDU packets. Also, traffic on management VLANs is not mirrored to the
external ports.
41
64,
531