Operating Notes For Traffic Mirroring - HP Aruba JL253A Management And Configuration Manual

For example, if the MTU on the path to the destination is 1522 bytes, untagged mirrored frames leaving the
source switch cannot exceed 1518 bytes. Likewise, if the MTU on the path to the destination is 9220 bytes,
untagged mirrored frames leaving the source switch cannot exceed 9216 bytes.
Figure 79: Effect of downstream VLAN tagging on the MTU for mirrored traffic

Operating notes for traffic mirroring

• Mirroring dropped traffic
When an interface is configured to mirror traffic to a local or remote destination, packets are mirrored
regardless of whether the traffic is dropped while on the interface. For example, if an ACL is configured on a
VLAN with a deny ACE that eliminates packets from a Telnet application, the switch still mirrors the Telnet
packets that are received on the interface and subsequently dropped.
• Mirroring and spanning tree
Mirroring is performed regardless of the STP state of a port or trunk. This means, for example, that inbound
traffic on a port blocked by STP can still be monitored for STP packets during the STP setup phase.
• Tagged and untagged frames
For a frame entering or leaving the switch on a mirrored port, the mirrored copy retains the tagged or untagged
state the original frame carried when it entered into or exited from the switch. (The tagged or untagged VLAN
membership of ports in the path leading to the mirroring destination does not affect the tagged or untagged
status of the mirrored copy itself.)
Thus, if a tagged frame arrives on a mirrored port, the mirrored copy is also tagged, regardless of the status of
ports in the destination path. If a frame exits from the switch on a mirrored port that is a tagged member of a
VLAN, the mirrored copy is also tagged for the same reason.
To prevent a VLAN tag from being added to the mirrored copy of an outbound packet sent to a mirroring
destination, you must enter the no-tag-added parameter when you configure a port, trunk, or mesh interface
to select mirrored traffic.
• Effect of IGMP on mirroring
If both inbound and outbound mirroring is operating when IGMP is enabled on a VLAN, two copies of mirrored
IGMP frames may appear at the mirroring destination.
• Mirrored traffic not encrypted
Mirrored traffic undergoes IPv4 encapsulation, but mirrored encapsulated traffic is not encrypted.
• IPv4 header added
The IPv4 encapsulation of mirrored traffic adds a 54-byte header to each mirrored frame. If a resulting frame
exceeds the maximum MTU allowed in the network, it is dropped or truncated (according to the setting of the
[truncation] parameter in the mirror command.)
Chapter 12 Monitoring and Analyzing Switch Operation 445