Configure port mirroring
You can configure port mirroring on Sophos Switch. Port mirroring sends traffic to applications that analyze it for purposes such as traffic monitoring, packet captures, intrusion detection, and predicting traffic patterns. You need port mirroring for traffic analysis on a switch because a switch normally sends packets only to the port to which the destination device is connected. Turning on port mirroring allows the switch to send traffic to multiple ports without affecting the device on the original destination port.
Network diagram
In this example, you'll use the switch CLI to turn on port mirroring and allow an endpoint computer connected to port 8 to monitor traffic between two other endpoint computers connected to ports 2 and 4 on the switch. Here's the network schema:
Configuration
To configure port mirroring, do as follows:
- Sign in to the switch CLI.
- Switch to global configuration mode by entering the following command:

    configure terminal

- Set ports 0/2 and 0/4 as the source ports and allow them to mirror both transmitted and received traffic. Run the following commands:

    monitor session 1 source interface gigabitethernet 0/2 both
    monitor session 1 source interface gigabitethernet 0/4 both

- Set port 0/8 as the destination port and allow it to receive the mirrored packets. Run the following command:

    monitor session 1 destination interface gigabitethernet 0/8 allow-ingress

- Type exit and press Enter to leave global configuration mode.
- Confirm the port mirroring settings by running the following command:

    show monitor session 1

  Example output:

    CS210-8FP# show monitor session 1
    Mirroring is globally Enabled.
    Session : 1
    -------
    Source Ports
    Rx : None
    Tx : None
    Both : Gi0/2,Gi0/4
    Destination Ports : Gi0/8
    Allow Ingress : Enable
Tip
You can turn port mirroring off anytime using the no monitor session 1 command.
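Because a mirror session copies traffic to another port, it is worth checking that the session on the switch still matches what you configured. The following Python script is an added example, not part of the Sophos documentation: it parses the show monitor session 1 output shown above and reports any difference from the configuration in this procedure. It assumes the output carries the same fields as the example output; the names parse_monitor_session, audit, SAMPLE and EXPECTED are made up for this illustration.

```python
import re

# Sample input: the example output from this page as a single-line capture.
# The parser ignores line breaks, so a multi-line capture works the same way.
SAMPLE = ("CS210-8FP# show monitor session 1 Mirroring is globally Enabled. "
          "Session : 1 ------- Source Ports Rx : None Tx : None "
          "Both : Gi0/2,Gi0/4 Destination Ports : Gi0/8 Allow Ingress : Enable")

# Baseline taken from the configuration steps on this page.
EXPECTED = {"session": 1,
            "sources": {"Gi0/2": "both", "Gi0/4": "both"},
            "destination": {"Gi0/8"},
            "allow_ingress": True}

# "None" or a comma-separated list of port names such as Gi0/2,Gi0/4.
PORTS = r"(None|[A-Za-z]+\d+/\d+(?:\s*,\s*[A-Za-z]+\d+/\d+)*)"

def _ports(text):
    return set() if text == "None" else {p.strip() for p in text.split(",")}

def parse_monitor_session(output):
    """Parse 'show monitor session N' output into a dict."""
    def field(pattern):
        m = re.search(pattern, output)
        if not m:
            raise ValueError(f"field not found: {pattern}")
        return m.group(1)
    sources = {}
    for label, direction in (("Rx", "rx"), ("Tx", "tx"), ("Both", "both")):
        for port in _ports(field(rf"\b{label}\s*:\s*{PORTS}")):
            sources[port] = direction
    return {"enabled": field(r"Mirroring is globally (\w+)") == "Enabled",
            "session": int(field(r"Session\s*:\s*(\d+)")),
            "sources": sources,
            "destination": _ports(field(rf"Destination Ports\s*:\s*{PORTS}")),
            "allow_ingress": field(r"Allow Ingress\s*:\s*(\w+)") == "Enable"}

def audit(output, expected=EXPECTED):
    """Return a list of differences between the switch output and the baseline."""
    actual = parse_monitor_session(output)
    findings = [] if actual["enabled"] else ["mirroring is not globally enabled"]
    for key in ("session", "sources", "destination", "allow_ingress"):
        if actual[key] != expected[key]:
            findings.append(f"{key}: expected {expected[key]!r}, found {actual[key]!r}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "mirror session matches the baseline")
```

An empty list from audit means the session matches the baseline; any entry names the field that drifted, for example an extra source port or a different destination port.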