There is an option for it in the SG300 (Administration, Diagnostics, Port and VLAN Mirroring), and I think I have it setup Correctly, but I seem to only get
Broadcast Traffic...
The Data Sheet says it can do it.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/data_sheet_c78-610061.html
Port mirroring | Traffic on a port can be mirrored to another port for analysis with a network analyzer or RMON probe. Up to 8 source ports can be mirrored to one destination port. A single session is supported. |
I have the SG300 setup as follows under Administration, Diagnostics, Port and VLAN Mirroring:
| Port and VLAN Mirroring Table |
| Destination Interface | Source Interface | Type |
| g6 | g1 | Tx and Rx |
| g6 | g4 | Tx and Rx |
| g6 | g8 | Tx and Rx |
| g6 | g9 | Tx and Rx |
| g6 | g10 | Tx and Rx |
Port 1 and 4 go to my Firewall
Port 8 is Mangement on Intranet LAN
Port 9 is VLAN to Internet
Port 10 is VLAN to Remote Office I was going to Try to Monitor VLANs instead of Ports to see if that makes a Difference.
This is the help file from the SG300's Web interface.
Configuring Port and VLAN Mirroring
Port Mirroring is used on a network switch to send a copy of network packets seen on one switch port, multiple switch ports, or an entire VLAN to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion- detection system. A network analyzer connected to the monitoring port displays the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.
A packet that is received on a network port assigned to a VLAN that is subject to mirroring, is mirrored to the analyzer port even if the packet was eventually trapped or discarded. Packets sent by the switch are mirrored when Transmit (Tx) Mirroring is activated.
Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port. If more data is sent to the analyzer port than it can support, some data might be lost.
VLAN mirroring is not active on a VLAN that was not created. For example, if VLAN 23 was created by GVRP and later on removed from the VLAN database for any reason and you manually created VLAN 34, and you create port mirroring that includes VLAN 23, VLAN 34, or both, and later on delete VLAN 34, the status in port mirroring is set to Not Ready, because the VLANs are no longer in the database.
Only one instance of mirroring is supported system-wide. The analyzer port (or target port for VLAN mirroring or port mirroring) is the same for all the mirrored VLANs or mirrored ports.
To enable port and VLAN mirroring:
- Click Administration > Diagnostics > Port and VLAN Mirroring. The Port and VLAN Mirroring Page opens.
This page displays the following fields:
- Destination Port—Port to which traffic is to be copied; the analyzer port.
- Source Interface—Interface, port, or VLAN, from which traffic is sent to the analyzer port.
- Type—Type of monitoring: incoming to the port, outgoing from the port, or both.
- Status—Whether the interface is up or down.
- Click Add to add a port or VLAN to be mirrored. The Add Port/VLAN Mirroring Page opens.
- Enter the parameters:
- Destination Port—Select the analyzer port to where packets are copied. A network analyzer, such as a PC running Wireshark, is connected to this port. A port identified as a analyzer destination port, it remains the analyzer destination port until all the entries are removed.
- Source Interface—Select Port or VLAN as the source port or source VLAN from where traffic is to be mirrored.
- Type—Select whether incoming, outgoing, or both types of traffic are mirrored to the analyzer port. If Port is selected, the options are:
- Rx Only—Port mirroring on incoming packets.
- Tx Only—Port mirroring on outgoing packets.
- Tx and Rx—Port mirroring on both incoming and outgoing packets.
- Click Apply. Port mirroring is added, and the switch is updated.
