Remote Port Mirroring on GS1920-24

letssee
letssee Posts: 4  Freshman Member
First Comment
edited August 2022 in Switch
Hello,

I have a question to the mirroring function on the GS1920-24 Switches.
I have two 1920-24 switches and they are connected via a LAG.
I have a server on Switch 2 and want to get mirrored traffic from Switch 1. How can I achive that?
In the menu, I can only find local mirroring but nothing about remote mirroring?
I hope this is possible to realise with the GS1920-24 switch and if not than I wish to add that to the feature ideas for the coming Firmwareversion. This is an important feature for me.
Thank you for the released version 4.50 from march 2018. When can we expect the next firmware?

Thank you
Regards,
letssee

All Replies

  • Zyxel_JonasTan
    Zyxel_JonasTan Posts: 96  Zyxel Employee
    5 Answers First Comment Friend Collector Seventh Anniversary
    edited September 2018

    GS1920 series doesn't support remote-mirroring, due to GS1920 is a low-end device.

    However, good news that there is a workaround to achieve your goal.
    Based on your description, I assume that your topology is relatively close to mine.

    Objective:
    PCA would like to mirror the packet from the server that connected to SW2.


    Workaround:


    Procedure:
    Switch 1:
    1. Check the Active box to enable mirror and configure port 7 as the monitor port.

    Advanced application > Mirroring

    2. Configure classifier, check the Active, Log & Count box to able to verify if the classifier had been hit then input the trunk number that you configure (Ex: T1) and VLAN200 for remote-mirror VLAN.

    Advanced application > Classifier


    3. Configure a policy rule for the created classifier, check the active box and choose the classifier. Then at the Action outgoing category check the “Send the packet to the mirror port”.

    Advanced application > Policy rule

    Configuration Switch 1:


    Switch 2:
    1. Create a VLAN200 for remote-mirroring, add port 1 & 2 to be VLAN200 members. Then click add to apply the configuration.

    Advanced application > VLAN > VLAN Configuration > Static VLAN setup


    2. Configure PVID 200 for port 4 to flood the mirrored packet from port 3 to VLAN200.

    Advanced application > VLAN > VLAN Configuration > Static VLAN setup > VLAN port setup


    3. Check the Active box to enable mirror and configure port 3 as the monitor port then check port 8 to be mirrored and set both for direction.

    Advanced application > Mirroring


    4. Activate port security and disable address learning for port 4 so that it will flood the mirrored packet.

    Advanced application > Port security


    Configuration Switch 2:


    Test Result:
    1. Use ping to create an ICMP packet from the server to desktop.
    2. Open Wireshark on PCA, you will see that ICMP packet of desktop and server will all be mirrored to PCA through VLAN200.


    Hope it helps.

  • letssee
    letssee Posts: 4  Freshman Member
    First Comment
    Hi Jonas,

    thank you for the clarification and your workaround.
    I will try that. I also thought about how to solve my problem and maybe I will go with two adapters on my Wireshark PC. On will be connected to Switch 1 and the other one to Switch 2.
    But I wonder that GS1920 does not have remote mirroring feature but my previous switch GS1910-24 had it? Both are low-end Switches, right?

    Thank you for your help.

    Regards,
    Jochen
  • Zyxel_JonasTan
    Zyxel_JonasTan Posts: 96  Zyxel Employee
    5 Answers First Comment Friend Collector Seventh Anniversary
    Hi Jochen @letssee,

    It's my pleasure. :)

    Yes, GS1910 and GS1920 series are both low-end switches.
    But unfortunately, the chipset of GS1920 doesn't support remote-mirroring, kindly apply the workaround to achieve the goal.

    Hope it helps.