Comware

 View Only
Back to discussions
Expand all | Collapse all

HP A5500 monitor and mirroring port (inbound interface=0)

This thread has been viewed 0 times

  • 1.  HP A5500 monitor and mirroring port (inbound interface=0)

    Posted Sep 12, 2013 11:17 AM

    Hi,

     

    Here's the configuration of the port 1/0/46 which is the monitor port of 1/0/3 on a HP A5500:

     

    interface GigabitEthernet1/0/46
     port link-mode bridge
     description Websense N - MONITORING
     port link-type hybrid
     undo port hybrid vlan 1
     port hybrid vlan 4 untagged
     port hybrid pvid vlan 4
     stp disable
     mirroring-group 1 monitor-port

     

    interface GigabitEthernet1/0/3
     port link-mode bridge
     description To Internet thru Checkpoint

     port link-type hybrid
     undo port hybrid vlan 1
     port hybrid vlan 4 untagged
     port hybrid pvid vlan 4
     mirroring-group 1 mirroring-port both

     

    There must be something wrong because I don't get any data in inbound but I get some on the outbound:

     

    [mySwitch] dis counters inbound interface

    Interface            Total(pkts)    Broadcast(pkts)    Multicast(pkts) Err(pkts)
    GE1/0/3                328841695               2253                  0                      0

    GE1/0/46                       0                  0                                0                        0

     

    [mySwitch] dis counters outbound interface

    Interface            Total(pkts)    Broadcast(pkts)    Multicast(pkts) Err(pkts)
    GE1/0/3                639849600             154665             807380         0

    GE1/0/46             969190475             313850             795382         0

     

    Any idea why the monitor port does not get the same data as the mirroring port?

     

    Thanks for your feedback



  • 2.  RE: HP A5500 monitor and mirroring port (inbound interface=0)

    Posted Sep 15, 2013 11:08 AM

    Hi,

     

    If I see it correctly the sum of the inbound and outbound packets on GE1/0/3 is apprx the same as the outbound packets on the GE1/0/43.

     

    The way I understand port mirroring this should be the intended behaviour since you have configured "mirroring-port both"

     

    Configuring mirroring you want the switch to copy the inbound and outbound packets passing through port 3 and send them to port 43. You would typicaly attach a PC with network analyser on port 43 and capture the packes or an IDS/IPS. So the only way for the switch to send the packets to the packet analyser is the send them through port 43 in outbound direction towards to the PC attached to port 43.

     

    This is the way I see it!

     

     

     

     



Related Content