Users Guide
• You can congure any switch in the network with source ports and destination ports, and allow it to function in an intermediate
transport session for a reserved VLAN at the same time for multiple remote-port mirroring sessions. You can enable and disable
individual mirroring sessions.
• BPDU monitoring is not required to use remote port mirroring.
• A remote port mirroring session mirrors monitored trac by prexing the reserved VLAN tag to monitored packets so that they are
copied to the reserve VLAN.
• Mirrored trac is transported across the network using 802.1Q-in-802.1Q tunneling. The source address, destination address and
original VLAN ID of the mirrored packet are preserved with the tagged VLAN header. Untagged source packets are tagged with the
reserve VLAN ID.
• You cannot congure a private VLAN or a GVRP VLAN as the reserved RPM VLAN.
• The L3 interface conguration should be blocked for the reserved VLAN.
• The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter).
• To associate with a source session, the reserved VLAN can have a maximum of 4 member ports.
• To associate with a destination session, the reserved VLAN can have multiple member ports.
• The reserved VLAN cannot have untagged ports.
In the reserved L2 VLAN used for remote port mirroring:
• MAC address learning in the reserved VLAN is automatically disabled.
• The reserved VLAN for remote port mirroring can be automatically congured in intermediate switches by using GVRP.
• There is no restriction on the VLAN IDs used for the reserved remote-mirroring VLAN. Valid VLAN IDs are from 2 to 4094. The default
VLAN ID is not supported.
• In mirrored trac, packets that have the same destination MAC address as an intermediate or destination switch in the path used by
the reserved VLAN to transport the mirrored trac are dropped by the switch that receives the trac if the switch has a L3 VLAN
congured.
In a source session used for remote port mirroring:
• You can congure any port as a source port in a remote-port monitoring session with a maximum of three source ports per port pipe.
• Maximum number of source sessions supported on a switch: 4
• Maximum number of source ports supported in a source session: 128
• You can congure physical ports and port-channels as sources in remote port mirroring and use them in the same source session. You
can use both Layer 2 (congured with the switchport command) and Layer 3 ports as source ports. You can optionally congure one or
more source VLANs to specify the VLAN trac to be mirrored on source ports.
• You can use the default VLAN and native VLANs as a source VLAN.
• You cannot congure the dedicated VLAN used to transport mirrored trac as a source VLAN.
• Egressing remote-vlan packets are rate limited to a default value of 100 Mbps.
In a destination session used for remote port mirroring:
• Maximum number of destination sessions supported on a switch: 64
• Maximum number ports supported in a destination session: 64.
• You can congure any port as a destination port.
• You can congure additional destination ports in an active session.
• You can tunnel the mirrored trac from multiple remote-port source sessions to the same destination port.
• By default, destination port sends the mirror trac to the probe port by stripping o the rpm header. We can also congure the
destination port to send the mirror trac with the rpm header intact in the original mirror trac..
• By default, ingress trac on a destination port is dropped.
Restrictions
When you congure remote port mirroring, the following restrictions apply:
Port Monitoring
771