Enable Port mirroring from Cisco switch



Port mirroring is useful when we need to sniff traffic for detailed analysis. For example, one might mirror the Internet interface (the uplink to the Internet-facing firewall) to analyze Internet traffic with a sniffing tool such as Wireshark. Here the source port (2/48) is the switch port used for the Internet connection, and the destination port (2/22) is the mirror port of 2/48, to which the PC running Wireshark is connected.

Port mirroring:

source port 2/48

destination port 2/22

 

Switch#config terminal

Enter configuration commands, one per line. End with CNTL/Z.

 

Switch(config)#monitor session 1 source interface Gi 2/48

Switch(config)#monitor session 1 destination interface Gi 2/22

Switch(config)#end

 

Switch#show monitor session 1

Switch#show monitor

 

Output:

Session 1

---------

Type : Local Session

Source Ports :

Both : Gi2/48

Destination Ports : Gi2/22

 

Egress SPAN Replication State:

Operational mode : Centralized

Configured mode : Centralized (default)
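A mirror port hands a full copy of the traffic to whoever is plugged into it, so it is worth checking that the switch is mirroring only what was intended. The Python below is an added example, not part of the original post: it parses "show monitor session" text in the layout shown above and reports sessions that differ from an approved list. The sample text, session 2, port Gi2/30, the approved list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the output shown above; session 2 and
# port Gi2/30 are invented here to stand in for a session nobody approved.
SAMPLE = """\
Session 1
---------
Type                   : Local Session
Source Ports           :
    Both               : Gi2/48
Destination Ports      : Gi2/22

Session 2
---------
Type                   : Local Session
Source VLANs           :
    RX Only            : 1
Destination Ports      : Gi2/30
"""
# Approved mirrors (assumption): only the session configured in this post.
APPROVED = {1: {"sources": {"Gi2/48"}, "destinations": {"Gi2/22"}}}

def parse_span_sessions(text):
    """Return {session_id: {"sources": set, "destinations": set}}."""
    sessions, current, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"Session (\d+)", line)
        if header:  # start of a new session block
            current = {"sources": set(), "destinations": set()}
            sessions[int(header.group(1))] = current
            section = None
            continue
        if current is None or ":" not in line:
            continue  # separator rows and text before the first session
        key, _, value = line.partition(":")
        key = key.strip().lower()
        items = {v.strip() for v in value.split(",") if v.strip()}
        if key in ("source ports", "source vlans"):
            section = "vlan " if "vlan" in key else ""  # prefix for VLAN ids
        elif key in ("both", "rx only", "tx only") and section is not None:
            current["sources"] |= {section + item for item in items}
        elif key == "destination ports":
            current["destinations"] |= items
    return sessions

def unexpected_sessions(sessions, approved=APPROVED):
    """Session ids whose sources or destinations differ from the approved map."""
    return sorted(sid for sid, cfg in sessions.items() if approved.get(sid) != cfg)

if __name__ == "__main__":
    print(unexpected_sessions(parse_span_sessions(SAMPLE)))
```

Feed it the text captured from the switch and adjust the approved list to match the mirrors that are meant to exist.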

 

VLAN Mirroring:

Besides the above, we can also mirror a VLAN.
The steps below create a mirror port for a particular VLAN, e.g. VLAN 1.

 

source vlan 1

destination port 2/22

 

Switch#configure terminal

Switch(config)#interface Gi 2/22

Switch(config-if)#port monitor vlan 1

 

Note: to see the switch port names (e.g. Gi 0/1 or Fa 0/1), enter show ip int brief or show int.


About Robiul

Robiul has 15 years of continuous successful career experience in ICT with extensive background in System Engineering, IT infrastructure design, operations and service delivery, managing IT projects / MIS functions for local and multi-national companies with in-depth knowledge of multiple operating systems as well as construct / manage small to medium size Data Center. Proven ability to design and implement medium to semi-large scale LAN/WAN/WLAN and system infrastructures. Academic qualification: Master of Science in Information Systems. Professional certifications are: MCSE, CCNA, ITIL and FoundStone Security Professional, VCP, NetAPP, CISSP etc.