02-10-2011 04:53 PM - edited 03-06-2019 03:29 PM
I'd like to set up Port/VLAN mirroring on my SG300. I see the place in the Diagnostics where to do it.
I selected a port, made sure it was not part of any VLAN, then designated it as the Destination Port. Then I took my two trunk VLAN-tagged ports and pointed them to the Destination Port. I loaded up Network Monitor and I got some traffic, but it seemed to all be broadcast/ARP requests.
I then mirrored the other non-tagged ports to the Destination Port. I just got more broadcast/ARP request traffic. I expected to see everything that was going through that switch...
This switch is connected to our Edge Router via two VLANs. I was hoping to see ALL the traffic to/From the Net from here.
Suggestions?
Thanks!
02-10-2011 11:19 PM
I think this is not possible on the 300. You can do this on the 500/520
02-14-2011 06:25 AM
There is an option for it in the SG300 (Administration, Diagnostics, Port and VLAN Mirroring), and I think I have it set up correctly, but I seem to only get broadcast traffic...
The Data Sheet says it can do it.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/data_sheet_c78-610061.html
I have the SG300 setup as follows under Administration, Diagnostics, Port and VLAN Mirroring:
Port and VLAN Mirroring Table

| Destination Interface | Source Interface | Type |
|---|---|---|
| g6 | g1 | Tx and Rx |
| g6 | g4 | Tx and Rx |
| g6 | g8 | Tx and Rx |
| g6 | g9 | Tx and Rx |
| g6 | g10 | Tx and Rx |

Ports 1 and 4 go to my Firewall
Port 8 is Management on Intranet LAN
Port 9 is VLAN to Internet
Port 10 is VLAN to Remote Office
I was going to try to monitor VLANs instead of ports to see if that makes a difference.
This is the help file from the SG300's Web interface.
Configuring Port and VLAN Mirroring
Port Mirroring is used on a network switch to send a copy of network packets seen on one switch port, multiple switch ports, or an entire VLAN to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. A network analyzer connected to the monitoring port displays the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.
A packet that is received on a network port assigned to a VLAN that is subject to mirroring, is mirrored to the analyzer port even if the packet was eventually trapped or discarded. Packets sent by the switch are mirrored when Transmit (Tx) Mirroring is activated.
Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port. If more data is sent to the analyzer port than it can support, some data might be lost.
VLAN mirroring is not active on a VLAN that was not created. For example, if VLAN 23 was created by GVRP and later on removed from the VLAN database for any reason and you manually created VLAN 34, and you create port mirroring that includes VLAN 23, VLAN 34, or both, and later on delete VLAN 34, the status in port mirroring is set to Not Ready, because the VLANs are no longer in the database.
Only one instance of mirroring is supported system-wide. The analyzer port (or target port for VLAN mirroring or port mirroring) is the same for all the mirrored VLANs or mirrored ports.
To enable port and VLAN mirroring:
- Click Administration > Diagnostics > Port and VLAN Mirroring. The Port and VLAN Mirroring Page opens.
  This page displays the following fields:
- Click Add to add a port or VLAN to be mirrored. The Add Port/VLAN Mirroring Page opens.
- Enter the parameters:
  - Destination Port—Select the analyzer port to where packets are copied. A network analyzer, such as a PC running Wireshark, is connected to this port. A port identified as an analyzer destination port remains the analyzer destination port until all the entries are removed.
  - Source Interface—Select Port or VLAN as the source port or source VLAN from where traffic is to be mirrored.
  - Type—Select whether incoming, outgoing, or both types of traffic are mirrored to the analyzer port. If Port is selected, the options are:
- Click Apply. Port mirroring is added, and the switch is updated.
10-21-2015 09:45 AM
Did you get the Port Mirroring to work on the SG 300 Switch?
10-25-2015 07:32 PM
There is an option for it in the SG300 (Administration, Diagnostics, Port and VLAN Mirroring), and I think I have it setup Correctly, but I seem to only get Broadcast Traffic...
Me too, I've set mirroring on SG300-52 to debug VoIP (H.323) traffic but I only see DNS and NTP queries and miscellaneous broadcast packets.
Tried setting destination port to type trunk, access, general, thinking it matters, but to no avail. Manual does not specify how we should set up the destination port.
Firmware version: 1.4.1.3
Boot version: 1.3.5.06
10-26-2015 12:03 AM
Same issue here, my customer asked for instructions, I provided the manual, he said only DNS/NTP queries and miscellaneous broadcast packets were captured, no traffic related to VoIP.
Hope to get an answer for this..
10-26-2015 12:09 AM
@abaniata, Oops, you are the one supporting us on the VoIP side. The case you mentioned must be mine!
06-12-2017 08:25 AM
Hi! Is there a current solution? Same issue here
10-01-2017 10:58 AM
If you are in a VM, make sure you enable promiscuous mode on the vSwitch or Port Group. The switch will by default filter any traffic not destined for that device. That fixed it for me.
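A way to check a capture for the symptom discussed in this thread (only broadcast traffic reaching the analyzer, resolved above by enabling promiscuous mode on the vSwitch), as an added example that is not part of any post or of Cisco's documentation. It reads a classic pcap file (not pcapng) and counts frames by destination MAC; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6
# Classic pcap magics (microsecond and nanosecond), keyed by on-disk byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def classify_capture(pcap_bytes, capture_mac):
    """Count Ethernet frames in a pcap by destination-MAC class."""
    endian = MAGICS.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts = dict.fromkeys(
        ("broadcast", "multicast", "unicast_to_me", "unicast_to_other"), 0)
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame_bytes = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame_bytes) < 14:    # truncated record, no full Ethernet header
            continue
        dst = frame_bytes[:6]
        if dst == BROADCAST:
            counts["broadcast"] += 1
        elif dst[0] & 1:             # group bit set: multicast
            counts["multicast"] += 1
        elif dst == capture_mac:
            counts["unicast_to_me"] += 1
        else:                        # present only if mirrored frames reach the NIC
            counts["unicast_to_other"] += 1
    return counts

def mirror_looks_filtered(counts):
    """True when frames arrived but none were unicast between other hosts."""
    return sum(counts.values()) > 0 and counts["unicast_to_other"] == 0

# Constructed sample data: locally administered MACs, zero-filled payloads.
ME, A, B = (bytes.fromhex(m) for m in ("020000000006", "02000000000a", "02000000000b"))

def frame(dst, src):
    return dst + src + b"\x08\x00" + b"\x00" * 46

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SEEN_BEFORE_FIX = [frame(BROADCAST, A), frame(BROADCAST, B), frame(ME, A)]
FILTERED = build_pcap(SEEN_BEFORE_FIX)
HEALTHY = build_pcap(SEEN_BEFORE_FIX + [frame(B, A), frame(A, B)])
```

Pass the analyzer NIC's own MAC as `capture_mac`; a result with zero `unicast_to_other` frames means something between the mirror source and the capture tool is dropping frames not addressed to the analyzer.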
11-05-2019 12:13 PM
2 years late to the party but I had to log in to comment. You're a lifesaver man, I would never have thought of this but it was the exact problem for me and enabling Promiscuous Mode in the receiving vSwitch in ESXi fixed it for me.
Thanks a bunch!