Specifications

Switching 8-11
Software Release 2.7.3
C613-03098-00 REV A
Port Mirroring
Port mirroring allows traffic being received and transmitted on a switch port to
be sent to another switch port, the mirror port, usually to capture data with a
protocol analyser. The mirror port is the only switch port that belongs to no
VLANs, and therefore does not participate in any other switching. Before the
mirror port can be set, it must be removed from all VLANs except the default
VLAN. The port cannot be part of a trunk group. Mirroring four or more ports
may significantly reduce switch performance.
To set a mirror port (and remove it from the default VLAN) use the command:
set switch mirror={none|port}
If another port was previously set as the mirror port, this command returns the
previous mirror port to the default VLAN as an untagged port. Return this port
to any VLANs to which it should belong, by using the add vlan port command,
or set it as a tagged port using the set vlan port command if required.
Either traffic received on a port or traffic transmitted by the port, or both, can
be mirrored. To set a source port whose traffic is to be sent to a mirror port, use
the command:
set switch port={port-list|all} mirror={none|rx|tx|both}
To send packets that match particular criteria to the mirror port, first create a
filter match by using the command:
add switch l3filter match
Then create a filter entry with the action parameter set to sendmirror by using
the command:
add switch l3filter=filter-id entry action=sendmirror
By default, when mirroring is disabled, no mirror port is set and no source
ports are set to be mirrored. Mirroring functions when a switch mirror port is
set to a valid port. When mirroring is enabled and the switch mirror port is set
to none, mirroring can be disabled. To enable or disable mirroring, use the commands:
enable switch mirror
disable switch mirror
The show switch port and show switch commands display the switch and
port mirroring settings.
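The mirroring commands above change state in order, so a saved configuration has to be replayed to see which ports end up copied to the mirror port. The following check is an added example, not part of the manual. It assumes the configuration is available as plain text with one command per line, that a port-list is comma-separated numbers and ranges, and a 24-port switch by default; the function names are hypothetical.

```python
import re

PORTS = r"(all|\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)"  # assumed port-list syntax, e.g. 1-3,5

def expand_ports(spec, port_count):
    """Expand 'all' or a list such as '1-3,5' into a set of port numbers."""
    if spec == "all":
        return set(range(1, port_count + 1))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def mirror_state(config_text, port_count=24):
    """Replay the mirroring commands in order and return the resulting state."""
    st = {"enabled": False, "mirror_port": None, "sources": {}, "filters": []}
    for raw in config_text.splitlines():
        line = raw.strip().lower()
        if line in ("enable switch mirror", "disable switch mirror"):
            st["enabled"] = line.startswith("enable")
        elif m := re.fullmatch(r"set switch mirror=(none|\d+)", line):
            st["mirror_port"] = None if m[1] == "none" else int(m[1])
        elif m := re.fullmatch(rf"set switch port={PORTS} mirror=(none|rx|tx|both)", line):
            for port in expand_ports(m[1], port_count):
                st["sources"][port] = m[2]
            # mirror=none clears the port's source setting
            st["sources"] = {p: d for p, d in st["sources"].items() if d != "none"}
        elif m := re.fullmatch(r"add switch l3filter=(\S+) entry\b.*\baction=sendmirror\b.*", line):
            st["filters"].append(m[1])
    return st

def findings(st):
    notes = []
    if st["enabled"] and st["mirror_port"] is not None and st["sources"]:
        notes.append(f"active: ports {sorted(st['sources'])} copied to port {st['mirror_port']}")
    elif st["enabled"] and st["mirror_port"] is None:
        notes.append("enabled but mirror port is none")
    if st["filters"]:
        notes.append(f"l3filter {st['filters']} has a sendmirror entry")
    if len(st["sources"]) >= 4:  # the manual warns about four or more mirrored ports
        notes.append("four or more source ports mirrored")
    return notes

# Constructed sample configuration, not taken from a real switch.
SAMPLE = ("set switch mirror=8\nset switch port=1-3,5 mirror=both\n"
          "set switch port=5 mirror=none\n"
          "add switch l3filter=1 entry action=sendmirror\nenable switch mirror")
print(findings(mirror_state(SAMPLE)))
```

Any mirror configuration this reports that has no matching change record is worth investigating, since the mirror port receives a copy of the source ports' traffic.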
Port Security
The port security feature allows control over the stations connected to each
switch port, by MAC address. If enabled on a port, the switch learns MAC
addresses up to a user-defined limit from 1 to 256, then locks out all other MAC
addresses. One of the following options can be specified for the action taken
when an unknown MAC address is detected on a locked port:
- Discard the packet and take no further action,
- Discard the packet and notify management with an SNMP trap,
- Discard the packet, notify management with an SNMP trap and disable
  the port.
To enable port security on a port, set the limit for learned MAC addresses to a
value greater than zero, and specify the action to take for unknown MAC