Port Mirroring Function of Industrial Switches

Mirroring refers to copying the packets passing through a specified port (source port or mirroring port) to another specified port (destination port or observing port). Port mirroring, as the name implies, is a mirroring operation for a port, which replicates and forwards the data traffic of a switch port to another port. Through this port, network engineers can capture data packets for analysis, monitoring, and online debugging. This process is port mirroring.

Basic Concepts of Mirroring Ports and Observing Ports

Mirrored port: refers to the monitored port. The packets sent and received by the mirrored port will be copied to the port connected to the monitoring device.

Observing port: refers to the port connected to the monitoring device, and is used to send the packets copied from the mirror port to the monitoring device.Generally, the observation port is dedicated to forwarding mirrored traffic. Therefore, it is not recommended to configure other services on it to prevent the mirrored traffic and other service traffic from affecting each other when forwarded on the observation port at the same time.

Port Mirroring Principle

The managed Industrial Switch forwards the data traffic of one or more source ports connected to the terminal equipment to a designated port, checks the network traffic without affecting the original network, and does not need to purchase any other special equipment in the whole process. Usually this designated port is called "mirror port" or "observation port". Managers who pay more attention to real-time monitoring can use the mirror port to analyze and monitor network traffic and data to facilitate timely online debugging.

For example, we can set one of the ports as a "mirror port", and then forward the traffic to be monitored to this mirror port, so that we can monitor the target by connecting the monitored computer A to this port. The figure shows an example of port mirroring.

Based on the working scope of mirroring, industrial switches have two modes: local port mirroring and remote port mirroring.

Local port mirroring

Local port mirroring means that the source port and the destination port are on the same switch, and the destination port is connected to the monitoring device to view, monitor and analyze the traffic and data passing through the source port.

Remote port mirroring

Remote port mirroring means that the source port and destination port are not on the same switch device. Today's security networks are basically large-scale networks, with monitoring points ranging from hundreds to thousands. In this case, remote port mirroring of managed industrial switches can help you achieve easy operation and maintenance.

Remote port mirroring copies the traffic of one or more source ports on the remote industrial switch to an uplink port, which is connected to the managed industrial switch in the monitoring center. Finally, the data traffic of the uplink port is copied and forwarded to the mirrored port. destination port. Through this mirror port, network administrators can analyze the traffic and data of all remote devices in the monitoring center, debug data or diagnose network errors without leaving home. When the network fails, they can quickly locate the fault.

In general, the significance of the port mirroring function is that by monitoring the data traffic mirrored by the industrial switch port, the enterprise can ensure the security of enterprise information and prevent important data and secrets from being leaked.In addition, when there is a problem in the enterprise network, port mirroring can also help to quickly find the source of the problem and solve the network failure.