KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

361

362

363

364

365

366

367

368

369

370

• Effect of IGMP on mirroring

If both inbound and outbound mirroring is operating when IGMP is enabled on a VLAN, two

copies of mirrored IGMP frames may appear at the mirroring destination.

• Mirrored traffic not encrypted

Mirrored traffic undergoes IPv4 encapsulation, but mirrored encapsulated traffic is not

encrypted.

• IPv4 header added

The IPv4 encapsulation of mirrored traffic adds a 54-byte header to each mirrored frame. If

a resulting frame exceeds the maximum MTU allowed in the network, it is dropped or truncated

(according to the setting of the [truncation] parameter in the mirror command.)

To reduce the number of dropped frames, enable jumbo frames in the mirroring path, including

all intermediate switches and/or routers. (The MTU on the switch is 9220 bytes, which includes

4 bytes for the 802.1Q VLAN tag.)

• Intercepted or injected traffic

The mirroring feature does not protect against either mirrored traffic being intercepted or traffic

being injected into a mirrored stream by an intermediate host.

• Inbound mirrored IPv4-encapsulated frames are not mirrored

The switch does not mirror IPv4-encapsulated mirrored frames that it receives on an interface.

This prevents duplicate mirrored frames in configurations where the port connecting the switch

to the network path for a mirroring destination is also a port whose inbound or outbound

traffic is being mirrored.

For example, if traffic leaving the switch through ports B5, B6, and B7 is being mirrored

through port B7 to a network analyzer, the mirrored frames from traffic on ports B5 and B6

will not be mirrored a second time as they pass through port B7.

• Switch operation as both destination and source

A switch configured as a remote destination switch can also be configured to mirror traffic to

one of its own ports (local mirroring) or to a destination on another switch (remote mirroring.)

• Monitor command note

If session 1 is already configured with a destination, you can enter the [no] vlan vid

monitor or [no] interface port monitor command without mirroring criteria and

a mirror session number. In this case, the switch automatically configures or removes mirroring

for inbound and outbound traffic from the specified VLAN or ports to the destination configured

for session 1.

• Loss of connectivity suspends remote mirroring

When a remote mirroring session is configured on a source switch, the switch sends an ARP

request to the configured destination approximately every 60 seconds. If the source switch

fails to receive the expected ARP response from the destination for the session, transmission

of mirrored traffic in the session halts. However, because the source switch continues to send

ARP requests for each configured remote session, link restoration or discovery of another path

to the destination enables the source switch to resume transmitting the session's mirrored traffic

after a successful ARP response cycle occurs.

Note that if a link's connectivity is repeatedly interrupted ("link toggling"), little or no mirrored

traffic may be allowed for sessions using that link. To verify the status of any mirroring session

configured on the source switch, use the show monitor command.

366 Monitoring and Analyzing Switch Operation