Port Mirroring Explained: Basis, Configuration & FAQs

What Is Port Mirroring?

Port mirroring is used on a network switch or a router to send a copy of network packets seen on the source ports to other mirror ports. With port mirroring enabled, the packets can be monitored and analyzed. Port mirroring has wide applications. For example, network engineers can use port mirroring to analyze and debug data without affecting the packet processing capabilities of the network devices. And the Ministry of Culture and Public Security can collect related data from port mirroring to analyze the network behaviors, so as to ensure a healthy network environment.

How Does Port Mirroring Work?

Local port mirroring and remote port mirroring are two types based on different working ranges of mirroring. They operate on different principles.

Local port mirroring is the most basic form of mirroring. The source port are located on the same network switch as the monitor port. As shown in the figure below, local port mirroring enables the S3900-48T4S switch to forward the packet copy on the source port (Eth 1/1) to the destination port (Eth 1/2). Then the monitoring device connected with the destination port can monitor and analyze the packet.

As for remote port mirroring, source ports and destination ports are not on the same switch. As shown in the figure below, The source port (Eth 1/3) is S3900-48T4S switch, and the destination port (Eth 1/3) is on the S3900-24F4S switch. The source port forwards the packet copy to the destination port through the uplink connection achieved by the ports on the two switches. Therefore, local port mirroring can realize the data monitoring and analysis across devices.

How to Configure Port Mirroring?

The prerequisite of configuring port mirroring is ensuring the network device (no matter a switch or router) supports port mirroring. And then select one mode, local port mirroring or remote port mirroring configuration.

Local port mirroring configuration roadmap:

• 1. Create a VLAN.

• 2. Add the source port and monitor port to VLAN.

• 3. Configure the IP address.

• 4. Configure port mirroring on the monitor port, and copy the packet from the source port to the monitor port.

Remote port mirroring configuration roadmap:

• 1. Create the source port in a global schema.

• 2. Configure the uplink port on one switch.

• 3. Create a monitor port in a global schema.

• 4. Configure the uplink port on another switch.

Note that:

• 1. Configuration takes effect after setting one port as the source port and setting another port as the destination port in local port mirroring.

• 2. When creating a port mirroring group, only one destination port can be set, but there could be one or more source ports in the group.

• 3. If one port has been specified as the source or monitor port in one mirroring group, it can’t be a member of another port mirroring group.

• 4. It’s recommended that do not apply STP, RSTP, or MSTP on the monitor port, otherwise, the device may malfunction.

In general, users can verify port mirroring results by the software of capturing packets. Run the software on the monitoring device, the configuration succeeds when obtaining the packet sent or received by the source port. If you want to learn more about the detailed port mirroring configuration procedures, you can refer to S3900 Series Switches Configuration Guide.

Common FAQs and Solutions

Port Mirroring vs Traffic Mirroring: What's the Difference?

Traffic mirroring copies the specified traffic to the destination port for analysis and monitoring. The source port copies the data flow that matches the rule from client 2 to the monitor port, which then sends the copied data flow to the monitoring device. With traffic mirroring, only the selected or matched traffic is sent to the monitoring device, while port mirroring copies every packet to the monitoring device.

Port Mirroring vs Port Mapping: What's the Difference?

Port mapping, also called port forwarding, is used to forward an IP address of LAN to WAN, or forward an IP address from WAN to LAN. In a typical residential network, nodes obtain Internet access via a cable modem connected to a router. The router is configured with a public IP address, while the PC behind the router has a private IP address that is invisible to the hosts on the Internet. When users search on Google, the host on the Internet only recognizes the router’s IP and sends the data to the router. Then the router forwards the data to the PC via a port mapping list. Thus, port mapping is a process of data forwarding, while port mirroring is a process of data copying.