Mirroring and Spanning Tree: Mirroring is done regardless of the
■
spanning-tree (STP) state of a port or trunk. This means, for example, that
inbound traffic on a port blocked by STP can still be monitored for STP
protocol packets during the STP setup phase.
■
Tagged and Untagged Frames: For a frame entering or leaving the
switch on a mirrored port, the mirrored copy retains the tagged or
untagged state the original frame carried when it entered into or exited
from the switch. (The tagged or untagged VLAN membership of ports in
the path leading to the mirroring destination does not affect the tagged or
untagged status of the mirrored copy itself.) Thus, if a tagged frame arrives
on a mirrored port, the mirrored copy will also be tagged, regardless of
the status of ports in the destination path. If a frame exits from the switch
on a mirrored port that is a tagged member of a VLAN, then the mirrored
copy will also be tagged for the same reason.
■
Effect of IGMP on Mirroring: If both inbound and outbound mirroring
is operating when IGMP is enabled on any VLAN, two copies of mirrored
IGMP frames may appear at the mirroring destination.
Mirrored Traffic Not Encrypted: Mirrored traffic undergoes IPv4
■
encapsulation, but mirrored, encapsulated traffic is not encrypted.
IPv4 Header Added: The IPv4 encapsulation of mirrored traffic adds a
■
54-byte header to each mirrored frame. If a resulting frame exceeds the
maximum MTU allowed in the network, it will be dropped. To reduce the
number of dropped frames, enable jumbo frames in the mirroring path,
including all intermediate switches and/or routers. (The maximum trans-
mission unit—MTU—on the switch is 9220 bytes, which includes 4 bytes
for the 802.1Q VLAN tag.) For more information, refer to "Maximum
Supported Frame Size" on page B-69. To configure the switch for jumbo
frames, refer to "Configuring Jumbo Frame Operation" on page 13-28.
Intercepted or Injected Traffic: The mirroring feature does not protect
■
against either mirrored traffic being intercepted or traffic being injected
into a mirrored stream by an intermediate host.
■
Inbound IPv4-Encapsulated Frames Not Mirrored: The switch does
not mirror IPv4-encapsulated frames it receives on an interface. This
prevents duplicate mirrored frames in configurations where the port
connecting the switch to the network path for mirroring to a destination
is also a port whose inbound or outbound traffic is being mirrored. For
example, if traffic leaving the switch through ports B5, B6, and B7 is being
mirrored through port B7 to a network analyzer, the mirrored frames from
traffic on ports B5 and B6 will not be mirrored a second time as they pass
through port B7.
Monitoring and Analyzing Switch Operation
Traffic Mirroring
B-71
Need help?
Do you have a question about the 6200yl and is the answer not in the manual?
Questions and answers