About Mirroring


Hello.

I would ask about mirroring.

When receiving (ingress) port mirroring, I can not see the VLAN-ID.

When sending (egress) port mirroring. I can see the vlan-id.

I would like to know how the mirroring process.

After vlan Decapsulation?

before?

3 replies

If the ingress port is untagged you will not see the VLAN-ID and i think th eegress port is tagged hence you see the VLAN-ID
Userlevel 6
Hi DongWook,

The following conditions describe tagging of mirrored packets:
  • Untagged ingress mirrored traffic egresses the monitor port(s) untagged. Tagged ingress mirrored traffic egresses the monitor port tagged.
  • Egress mirrored traffic always egresses the monitor port tagged.
  • On Summit family switches, all traffic ingressing the monitor port or ports is tagged only if the ingress packet is tagged. If the packet arrives at the ingress port as untagged, the packet egresses the monitor port or ports as untagged.
Henrique wrote:

Hi DongWook,

The following conditions describe tagging of mirrored packets:

  • Untagged ingress mirrored traffic egresses the monitor port(s) untagged. Tagged ingress mirrored traffic egresses the monitor port tagged.
  • Egress mirrored traffic always egresses the monitor port tagged.
  • On Summit family switches, all traffic ingressing the monitor port or ports is tagged only if the ingress packet is tagged. If the packet arrives at the ingress port as untagged, the packet egresses the monitor port or ports as untagged.

I've checked using Wireshark.
scenario.

Sw1
-vlan 10 192.168.10.1/24 tag 10
-vlan 20 192.168.20.1/24 tag 20
-vlan 30 192.168.30.1/24 tag 30

===== trunk ======
Sw2
-vlan 10 192.168.10.2/24 tag 10
-vlan 20 192.168.20.2/24 tag 20
-vlan 30 192.168.30.2/24 tag 30

I sent ping. Switch 1 -> Switch 2

Switch1 had confirmed.

ICMP Request message contains an 802.1Q field.
ICMP Reply message not include an 802.1Q filed.

Ingress traffic are decapsulation and then copy?
egress traffic are capsulation and then copy ?
Userlevel 1
Egress mirrored packets are always tagged when egressing the monitor port. If an egress mirrored packet is untagged on the egress mirrored port, the mirrored copy contains a tag with an internal VLAN ID.

Reply