CAUTION:
Although the switch supports the use of UDP port numbers from 1 to 65535, UDP port
numbers below 7933 are reserved for various IP applications. Using these port numbers for
mirroring can result in an interruption of other IP functions, and in non-mirrored traffic being
received on the destination (endpoint) switch and sent to the device connected to the remote exit
port.
• The unique UDP port number to use for the session on the source switch. (The recommended port range is
from 7933 to 65535.)
Configure a mirroring destination on a remote switch
This step is required only if you are configuring a remote mirroring session in which the exit port is on a different
switch than the monitored (source) interface.
For remote mirroring, you must configure the
destination
switch to recognize each mirroring session and forward
mirrored traffic to an exit port before you configure the
source
switch. Configure the destination switch with the
values you determined for remote mirroring in
Determine the mirroring session and destination
NOTE:
A remote destination switch can support up to 32 remote mirroring endpoints (exit ports
connected to a destination device in a remote mirroring session.)
Configure a destination switch in a remote mirroring session
Enter the
mirror endpoint ip
command on the remote switch to configure the switch as a remote endpoint
for a mirroring session with a different source switch.
Configure a mirroring session on the source switch
To configure local mirroring, exit port number is all that is required.
If the exit port for a mirroring destination is on a remote switch instead of the local (source) switch, you must enter
the source IP address, destination IP address, and UDP port number for the remote mirroring session. You may
also wish to enable frame truncation to allow oversize frames to be truncated rather than dropped.
Frames that exceed the maximum size (MTU) are either dropped or truncated, according to the setting of the
[truncation]
parameter in the
mirror
command.
Frames that are near the MTU size may become oversize when the 54-byte remote mirroring tunnel header is
added for transport between source switch and destination switch.
(The addition of the header is a frequent cause for frames becoming oversize, but note that all oversize frames,
whatever the cause of their excess size, are dropped or truncated.) If a frame is truncated, bytes are removed
from the end of the frame. This may cause the checksum in the original frame header to fail. Some protocol
analyzers may flag such a checksum mismatch as an alert.
NOTE:
Note that if you enable jumbo frames to allow large frames to be transmitted, you must
enable jumbo frames on all switches in the path between source and destination switches.
Configure a source switch in a remote mirroring session
Enter the
mirror remote ip
command on the source switch to configure a remote destination switch for a
mirroring session on the source switch. The source IP address, UDP port number, and destination IP address that
you enter must be the same values that you entered with the
mirror endpoint ip
command.
Chapter 12 Monitoring and Analyzing Switch Operation
431