Mirroring effect simply put, it is to be mirrored to the monitor port traffic monitoring, in order to locate the fault of the monitored traffic, traffic analysis, traffic backup, monitor port is connected to the monitoring host altogether ordinary and so on.
Iis7 achieve modify and query server ports under surveillance target environment.
In order to facilitate the flow of the one or more network interfaces (NIC) is performed analysis, may be forwarded to one or more ports (VLAN) to a data port via a modem or router configuration interchanged, i.e., port mirroring, be achieved monitor network.
To supervise all packets out of the network for the placement of monitoring software management server to fetch data, such as Internet cafes must provide this data to the effectiveness of the police sided review. For the corporate information security, the need to protect company secrets, but also an urgent need to have a network port to provide real-time monitoring of this effect. In the enterprise with port mirroring effect, it can be good for data within the enterprise network monitoring and management, when the network fails, the fault location can be done well.
(Note: the switchboard completely similar to the duplicated data frame sent or drawn a port to another port; wherein duplicated port is referred to as the source port, the port is called copy mirroring destination port.)
classification
Port Mirroring credentials are different classification criteria, the mirror is not the same type. Probation credentials mirrored port mode, respectively, port mirroring divided into the following three types:
进口镜像:只对从该端口进入的流量进行镜像。
出口镜像:只对该端口的发出的流量进行镜像。
双向镜像:支持对该端口收到和发出的双向流量进行镜像。Credentials mirror effect, respectively, port mirroring is divided into two types:
Traffic Mirroring: If the ACL is configured on a port and enabled, that is traffic mirroring. Mirroring flow only through the acquisition of ACL data packet filtering, port mirroring or think it is pure. ACL for traffic data collection, support in the direction of the port (out to, and into the two-way three kinds) binding standard list of visits and expand the list of visits.
Pure port mirroring: traffic in and out of port mirroring.
Mirroring credentials limitations things were, port mirroring is divided into two types:
本地镜像:源端口和目标端口在同一个路由器上。
远端镜像:源端口和目标端口分布在不同的路由器上,镜像流量经过某种封装,实现跨路由器传输。Establish essentials
Cisco CATALYST switch gear port monitor configuration
Cisco CATALYST switch gear is divided into two, said the listening port for the elucidation of the port (analysis port) in CATALYST family.
1, Catalyst 2900XL / 3500XL / 2950 series of the switchboard port monitor configuration (CLI-based)
The following command to configure port listening:
port monitor
For example, F0 / 1 and F0 / 2, F0 / 3 belong to VLAN1, F0 / 1 listening F0 / 2, F0 / 3 ports:
interface FastEthernet0/1
port monitor FastEthernet0/2
port monitor FastEthernet0/3
port monitor VLAN1
2, Catalyst 4000,5000 and 6000 series machines are interchangeable port monitor configuration (based on IOS)
The following command to configure port listening:
set span
For example, a module port 1 and port 2 belong to the VLAN1, VLAN2 port 3, port 4, and 5 in VLAN2, listening port 1 and port 2 3,4,5,
set span 1/1,1/3-5 1/2
2950/3550/3750
Format is as follows:
#monitor session number source interface mod_number/port_number both
#monitor session number destination interface mod_mnumber/port_number
// rx -> indicates that the intake port flow, tx -> out of port traffic both in and out of traffic
for example:
The first mirror, the source port in the first module is a mirror image to the upper port 12 1-10;
#monitor session 1 source interface 1/1-10 both
#monitor session 1 destination interface 1/12
The second mirror, the source port of the second module 13-20 to port 24 of the upper mirror;
#monitor session 2 source interface 2/13-20 both
#monitor session 2 destination interface 2/24
Wherein the parameters can change when a plurality of mirrors, a plurality of modules.
Catalyst 2950 3550 does not support port monitor
C2950#configure terminal
C2950(config)#
C2950(config)#monitor session 1 source interface fastEthernet 0/2
!--- Interface fa 0/2 is configured as source port.
C2950(config)#monitor session 1 destination interface fastEthernet 0/3
!--- Interface fa0/3 is configured as destination port.
Configuration command
- Specifies the elucidation of mouth
feature rovingAnalysis add, or initials fra,
E.g:
Select menu option: feature rovingAn alysis add
Select analysis slot: 1?& nbsp;
Select analysis port: 2
- Specify the listener port and start listening port
feature rovingAnalysis start, or abbreviated fr sta,
E.g:
Select menu option: feature rovingAn alysis start
Select slot to monitor ?(1-12): 1
Select port to monitor&nb sp;?(1-8): 3
- Stop listening port
feature rovingAnalysis stop, or abbreviated fr sto
Common Configuration
Intel said the port monitor is "Mirror Ports". The network traffic being monitored port called "source port" (Source Port), connecting the building listening port called "mirror port" (Mirror Port).
Configuring port monitoring steps:
-
In the navigation menu, Mirror Ports at the click Statistics, the pop-up Mirror Ports information.
-
Click the Configure Source Port column to select the source port, the pop-up Mirror Ports Configuration.
- Perform source port settings: Source Port is the source port of traffic mirroring, port mirroring mouth is drawn from the source port traffic, click Apply OK.
You can monitor selected three kinds of ways:
1. Continuous (Always): all traffic mirroring.
2. Period (Periodic): mirroring all flows in a given period. Periodic mirror disposed in the Sampling Interval configuration.
3. Prohibition (Disabled): closed traffic mirroring.
In Avaya swap drive user's manual, port monitoring is called "Port Mirroring" (Port Mirror).
The following command to configure port listening:
{ set|clear } Port Mirror
设置端口侦 听:set port mirror <mod-port-range> source-port ?<mod-port-range> mirror-port <mod-port-spec> sampling { always | disable | periodic } [ max-packets-sec <max-packets-sec-value>?& nbsp;] [ piggyback-port<mod-port-spec> ]?&nb sp;
Prohibit port monitoring: clear port mirror <mod-port-range>
Command, the limitations mod-port-range specified port; mod-port-spec a particular port; piggyback-port designated port two-way mirror; sampling designated mirror cycle; max-packets-sec is used only when periodic disposed sampling the number of packets per second up to a specified listening port.
Huawei swap drive user's manual, port monitoring is called "Port Mirroring" (Port Mirroring).
Use Huawei Lanswitch View management system to add a mirror port:
● or the Device Setup Stack Setup.
● Click Port Mirroring.
● Click the Add button.
● For the stack, click the Switch and select from the list of a swap.
● Click Reflect from the port and traffic will be mirrored selected.
● Click Reflect to choose and above the selected port.