Set-up Network Switch for Port Mirroring

  1. Home
  2. Network Configuration
  3. Set-up Network Switch for Port Mirroring

We want to set up a network switch for port mirroring to mirror the network traffic in a link. The link is demonstrated in the picture by the yellow cable.

monlinkwithmirroredport1

In this example the link is between the gateway/modem/router and the first switch in the internal LAN.

Now we place a managed switch in this link by putting the yellow cable into one port and adding a 2nd cable (in this case orange) into another port. The other end of this 2nd cable is plugged into where the yellow’s cable end was (in this case the internal switch).

When unplugging and plugging cables there may be a delay in the network traffic resuming. The managed switch is learning the MAC addresses at the end of the cables connected to it. At the end of one cable we have the gateway/modem/router but at the end of the other cable we have an internal switch. Therefore the managed switch also has to learn all the MAC addresses of the devices connected to the internal switch. We found that if one of the connected devices’ MAC address was not yet learnt pinging from the computer whose MAC address is not learnt yet (or initiating some other request/connection from that computer) would cause the MAC address to be learnt.

In this example, as the computer with the browser is connected to the same internal switch this cable acts also as the cable connection to manage the switch. The IP address to manage the switch was given as a static IP or the managed switch will request an IP address from your DHCP server.

monlinkwithmirroredport4

Now we want to use the managed switch to duplicate/mirror the network traffic flowing through the port that has the yellow cable connected to it– port 7. We’ve selected port 6 on the managed switch to be the Mirror Port. We another cable into the Mirror Port. The other end of this cable is connected to Netscope’s ‘Packet Capture Device’ (usually the port marked on Netscope’s casing with a red dot)– called the Capture Port.

monlinkwithmirroredport5

Now to configuring the settings within the managed switch. We set our browser to the IP address of the managed switch and select ‘Port Mirroring’.

physportmirrorcfg4

We select the transmitted traffic and the receiving traffic of port 7 to be the source.

physportmirrorcfg5

We set up a port mirroring session with the destination port set to 6.

physportmirrorcfg6

We now have port 6 mirroring port 7.

The network traffic for this link is now ready to be monitored by Netscope. (Nb. Netscope could have also been placed transparently in-line on this link to monitor it).

Was this article helpful?

Related Articles