Chapter 42. Port Mirroring
© Copyright Lenovo 2017
The Enterprise NOS port mirroring feature allows you to mirror (copy) the packets
of a target port, and forward them to a monitoring port. Port mirroring functions
for all layer 2 and layer 3 traffic on a port. This feature can be used as a
troubleshooting tool or to enhance the security of your network. For example, an
IDS server or other traffic sniffer device or analyzer can be connected to the
monitoring port in order to detect intruders attacking the network.
The CN4093 supports a "many to one" mirroring model. As shown in Figure
selected traffic for ports EXT1 and EXT2 is being monitored by port EXT3. In the
example, both ingress traffic and egress traffic on port EXT2 are copied and
forwarded to the monitor. However, port EXT1 mirroring is configured so that
only ingress traffic is copied and forwarded to the monitor. A device attached to
port EXT3 can analyze the resulting mirrored traffic.
Figure 65. Mirroring Ports
Mirrored Ports
Ingress
Traffic
38
In standalone (non‐stacking) mode, the CN4093 supports two monitor ports with
two‐way mirroring, or four monitor ports with one‐way mirroring. In stacking
mode, one monitor port with two‐way mirroring, or two monitor ports with
one‐way mirroring is supported. Each monitor port can receive mirrored traffic
from any number of target ports.
Enterprise NOS does not support "one to many" or "many to many" mirroring
models where traffic from a specific port traffic is copied to multiple monitor ports.
For example, port EXT1 traffic cannot be monitored by both port EXT3 and EXT4 at
the same time, nor can port EXT2 ingress traffic be monitored by a different port
than its egress traffic.
Ingress and egress traffic is duplicated and sent to the monitor port after
processing.
Note: The CN4093 10 Gb Converged Scalable Switch (CN4093) cannot mirror
LACPDU packets. Also, traffic on management VLANs is not mirrored to the
external ports.
Monitor Port
Connected to
Both
sniffer device
39
40
41
Specified traffic is copied
and forwarded to Monitor Port
65,
607