To reduce the number of dropped frames, enable jumbo frames in the mirroring path, including all intermediate
switches and/or routers. (The MTU on the switch is 9220 bytes, which includes 4 bytes for the 802.1Q VLAN
tag.)
• Intercepted or injected traffic
The mirroring feature does not protect against either mirrored traffic being intercepted or traffic being injected
into a mirrored stream by an intermediate host.
• Inbound mirrored IPv4-encapsulated frames are not mirrored
The switch does not mirror IPv4-encapsulated mirrored frames that it receives on an interface. This prevents
duplicate mirrored frames in configurations where the port connecting the switch to the network path for a
mirroring destination is also a port whose inbound or outbound traffic is being mirrored.
For example, if traffic leaving the switch through ports B5, B6, and B7 is being mirrored through port B7 to a
network analyzer, the mirrored frames from traffic on ports B5 and B6 will not be mirrored a second time as
they pass through port B7.
• Switch operation as both destination and source
A switch configured as a remote destination switch can also be configured to mirror traffic to one of its own
ports (local mirroring) or to a destination on another switch (remote mirroring.)
• Monitor command note
If session 1 is already configured with a destination, you can enter the
[no] vlan
<VID>
monitor
or
[no]
interface
<PORT>
monitor
command without mirroring criteria and a mirror session number. In this
case, the switch automatically configures or removes mirroring for inbound and outbound traffic from the
specified VLAN or ports to the destination configured for session 1.
• Loss of connectivity suspends remote mirroring
When a remote mirroring session is configured on a source switch, the switch sends an ARP request to the
configured destination approximately every 60 seconds. If the source switch fails to receive the expected ARP
response from the destination for the session, transmission of mirrored traffic in the session halts. However,
because the source switch continues to send ARP requests for each configured remote session, link
restoration or discovery of another path to the destination enables the source switch to resume transmitting the
session's mirrored traffic after a successful ARP response cycle occurs.
Note that if a link's connectivity is repeatedly interrupted ("link toggling"), little or no mirrored traffic may be
allowed for sessions using that link. To verify the status of any mirroring session configured on the source
switch, use the
show monitor
command.
Troubleshooting traffic mirroring
Cause
If mirrored traffic does not reach the configured remote destination (endpoint) switch or remote exit port, check the
following configurations:
• The configured remote exit port must not be a member of a trunk or mesh.
• If the destination for mirrored traffic is on a different VLAN than the source, routing must be correctly
configured along the path from the source to the destination.
CAUTION:
A mirroring exit port should be connected only to a network analyzer, IDS, or other
network edge device that has no connection to other network resources. Configuring a mirroring exit
port connection to a network can result in serious network performance problems, and is strongly
discouraged.
446
Aruba 2930F / 2930M Management and Configuration Guide
for ArubaOS-Switch 16.08