Port Mirror is done when you would like to investigate traffic.
By enabling port mirror, you are sending a copy of a port traffic to
another port. Some switches can be done via the GUI and most of them
can be done via command-line. Here is some tips on configuring Port Mirror:
- Define the port which should receive the traffic:
mirror-port 1/1/24 - Then configure the port which will be mirrored from:
interface 1/1/12 monitor - Should you require a VLAN to be monitored, you can:
vlan 1 monitor - Should you wish to mirror a range of ports:
mirror-port range <1 – 5> - When you complete your troubleshooting, you can switch off the port mirror:
no mirror-port - Once you completed, you can run the following to check if the port mirror configuration is correct: Show monitor
- Then, depending on the switch type, you may have multiple sessions. Select the session you want to confirm: Show monitor 1
Then you can have the port connected to a physical or virtual machine. You can use Wireshark or fiddler (personal recommendation) to monitor the traffic. Start the monitor, allow few minutes, stop the monitor and then save a PCAP file. Then open in Wireshark or fiddler. This method is also used in troubleshooting Exchange connectivity, setup issues and even intermittent issues.