Configuring Port Mirroring to Analyze Traffic on EX Series Switches (NSM Procedure)

You configure port mirroring in order to copy packets so that you can analyze traffic using a protocol analyzer application. You can mirror traffic entering or exiting an interface, or entering a VLAN. You can send the mirrored packets to a local interface to monitor traffic locally or to a VLAN to monitor traffic remotely.

Mirroring a high volume of traffic can be performance intensive for the switch. Therefore, you should disable port mirroring when you are not using it and select specific input interfaces in preference to using the all keyword. You can also limit the amount of mirrored traffic by using a firewall filter or the ratio keyword to mirror only a selection of packets.

Note: Only one analyzer can be enabled on an EX Series switch. To create additional analyzers, first disable any existing analyzers.

Note: Interfaces used as input or output for a port mirror analyzer must be configured as family ethernet-switching.

To mirror interface traffic or VLAN traffic on the switch to an interface on the switch:

  1. In the navigation tree, select Device Manager > Devices. In Device Manager, select the device for which you want to configure a port mirror analyzer.
  2. In the Configuration tree, expand Ethernet Switching Options.
  3. Select Analyzer.
  4. Click the Add icon.
  5. Add/modify member settings for the interface as specified in Table 22.

Note: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See Updating Devices for more information.

Table 22: Analyzer Configuration Fields

Field

Function

Your Action

Input

Ingress

Specifies interfaces or VLANs for which entering traffic is mirrored.

Click Add and select Port or VLAN. Next, select the interfaces or VLANs.

Egress

Specifies interfaces for which traffic exiting the interfaces is mirrored.

Click Add to add egress interfaces.

Output

Interface

Specifies the interface on which traffic exiting is mirrored.

Select the interface.

Vlan

Specifies the VLAN on which traffic exiting is mirrored.

Select the interface.