port mirroring question

On the web browser... I thought I did everything the way it should have looked... It did not work!
I need port 6 to be the mirror
port 7 should be for input
port 8 should be for output

When I made the changes to the switch the internet went down company wide... Somehow the appropriate configuration had been removed... this morning... I think we had a faulty cable, could this remove the correct configuration from the ports in question? How can I reconfigure the port without causing an interruption to our internet?
Lamrski Asked:
aleghart Commented:
You can lose a switch's configuration if you did not save before re-booting.  Often, you can alter a running configuration substantially...but will lose everything if you don't save it.

Best thing to do (not knowing any specifics) is to revert to the last running configuration.  Hopefully this will be only one step before the change you made that downed the network.
0
Lamrski (Author) Commented:
Where can I find the last known good configuration? Is it in the flash? The system has not been rebooted so I don't know how we could have lost the configuration in the first place?
0
Lamrski (Author) Commented:
On the file manager screen, I see the configuration file and it shows that files have not changed since Jan 1, 2000?
0
aleghart Commented:
I don't have your switch.  The general answer is, it's saved wherever you saved it.  For me, I save a copy to my desktop immediately, then archive it to a network share in case I have to revert the settings.

Some switches have the ability to keep backup settings in their flash memory, so you can choose to boot from the current saved config or revert to the backup config.  Does yours have this?  And, more importantly, did you save/backup the settings?  If you didn't save them, you're back at square one, and must re-configure the switch from scratch.
0
aleghart Commented:
> files have not changed since Jan 1, 2000?

While it's possible the switch was reset, firmware replaced, or firmware crashed, you indicate the only thing you did was change the config and plug in a cable.

It definitely looks like the running configuration was never saved, so, it does look like you're back to square one if you don't have a configuration saved to your desktop/server.

Depending on the complexity of the switch configuration, I'd do the following:

1. Simple, flat network with nothing special:
   - install a temporary dumb switch to get some portion of the network working
   - update switch firmware to most current/stable
   - reset all settings
   - boot to factory...make sure it works with existing LAN (reconnect equipment)
   - customize config up to before the point of port mirroring, save settings & backup
   - configure port mirror, test LAN

2. Complex network, with routes, VLAN, LAGs, etc.:
   - call tech support to diagnose switch and walk through configuration


Question:  why do you need the port mirroring turned on?  From the sounds of it, you don't have a network admin there to work on the LAN equipment?

From what I've seen, you don't use 3 ports for a mirror (by definition a mirror is the original plus a reflection).  There is a source port & destination port (2 ports total).  They must match exactly in speed/config or you'll drop traffic on the destination port.  That shouldn't bring the network down, as the destination port is usually your workstation or other monitoring-type equipment that is doing sampling/recording of the traffic.  The source port should remain operational.

Also, with your switch, the source & destination must be in the same group (both in 1-12 or 13-24, but not one in each group).

http://docs.us.dell.com/support/systemsinfo/document.aspx?c=us&l=en&s=bsd&~file=/network/5p788/en/ug/pc5224cd.htm#1099395
0
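The constraints named in the comment above (one source and one destination port, matching speed/config, both ports in the same group of 1-12 or 13-24) can be checked against a planned mirror before the switch is touched. This is an added example, not part of the original thread or any Dell tooling: the port table, the `Port` fields and the "file server" on port 14 are constructed, and the `in_band` check assumes a mirror destination port no longer carries normal LAN traffic.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    speed_mbps: int
    duplex: str
    attached: str    # device cabled to the port
    in_band: bool    # True if LAN hosts reach that device through this port

# Constructed port table: speeds, duplex and in_band flags are assumptions.
PORTS = {
    6: Port(1000, "full", "SonicWALL LAN interface", True),
    8: Port(1000, "full", "web filter monitoring cable", False),
    14: Port(100, "full", "file server", True),
}

# Port groups from the comment above: 1-12 and 13-24.
GROUPS = (range(1, 13), range(13, 25))

def group_of(port):
    for index, group in enumerate(GROUPS):
        if port in group:
            return index
    raise ValueError(f"port {port} is outside 1-24")

def check_mirror_plan(ports, source, destination):
    """Return the problems found with mirroring source -> destination."""
    if source == destination:
        return ["source and destination are the same port"]
    src, dst = ports[source], ports[destination]
    problems = []
    if group_of(source) != group_of(destination):
        problems.append("source and destination are in different port groups")
    if (src.speed_mbps, src.duplex) != (dst.speed_mbps, dst.duplex):
        problems.append("speed/duplex mismatch; mirrored traffic may be dropped")
    if dst.in_band:
        # Assumption: a mirror destination stops forwarding normal traffic.
        problems.append(f"'{dst.attached}' on port {destination} is in use by "
                        "the LAN and would stop passing normal traffic")
    return problems

if __name__ == "__main__":
    for src, dst in [(6, 8), (6, 14)]:
        issues = check_mirror_plan(PORTS, src, dst)
        print(f"{src} -> {dst}:", issues or "no problems found")
```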
Lamrski (Author) Commented:
port 6 goes to our sonicwall and port 8 -- the cable that goes to port 8 is labeled with "monitoring" and it comes from the web filtering appliance
0
Lamrski (Author) Commented:
I guess my question is which would be for a destination port and which would be the source port?
0
Lamrski (Author) Commented:
Dell port 6 goes to our sonicwall LAN interface.
0
aleghart Commented:
A mirror is not used for web filtering. It's used for monitoring.  Also, since the SonicWALL also has filtering capabilities...it's up to the admin to design if the firewall comes first or the alternate filtering appliance.

If the appliance is just a reporting/damping device, and the Sonicwall is the real filter, then use a mirror with  as source, set to Tx and Rx.
0
Lamrski (Author) Commented:
The sonicwall is our firewall and the webfilter is just a damping device.. port 6 is to the firewall and port 8 goes to the web filtering device. Which one should I set as the source?
0
aleghart Commented:
By 'damping', do you mean it's a proxy?  If so, an HTTP proxy can be upstream or downstream of your internet gateway.  I don't understand why you'd want it to be a mirror of the internet gateway.  That would only record a subset of the traffic (usually HTTP on a proxy)...a multi-protocol monitor would be more useful.

Who designed the network?  Why are the internet gateway and a proxy being set up on mirrored ports?
0
Lamrski (Author) Commented:
If I want to make a mirror image of port 6 to port 8, would port 6 be my source port and port 8 be my destination port? Also, do you know whether there will be any interruption in service to the internet when I make this change? Thank you for your help with this... I'm trying to get our web filterer back up and running, but I can't have any more interruptions to the internet.
0
Lamrski (Author) Commented:
They call the connection a monitor, but it is port mirroring that is done.  They have had this problem of losing this port forwarding before I started working here.  Today has been a serious headache because our production server went down as a result as well.
0
Fred Marshall (Principal) Commented:
Monitoring port traffic via a port mirror is common.  But it does *nothing* but provide you with information.  So, whether mirroring or not is configured or turned on isn't likely to matter

 .... except:

Let's suppose that you have cables coming into a switch.  One of those is supposed to be to the mirror monitor computer.  It might have any old IP address you like - not even on the subnet.  
Let's suppose that the IP address of the monitoring interface is some strange thing that has *meaning* to the rest of the system.
Let's suppose that mirroring is not set up and the "supposed to be the mirroring port" isn't that at all.  It's just another port on the switch connected to the subnet.
Now you connect the cable that's intended to be the mirror monitor and *maybe* something strange happens because of the IP address, etc. at the other end of the cable being connected into the subnet.

So, if you leave that cable disconnected until the switch is configured then it can't cause trouble.

One could say the same sort of thing about VLANs.  If there are no VLANs then configuration won't matter in this regard.

There's probably more but these would be the highlights for common managed switches.
0
aleghart Commented:
> I want to make a mirror image of port 6 to port 8, would port 6 be my source port and port 8 be my destination port?

Yes...port 6 is the source, 8 is the destination


> when I make this change if there will be any interruption in service to the internet

Depends.  If the web filter is already functioning as a proxy/filter on port 8, then you turn that port into a mirror-destination...then the LAN will lose connectivity to the web filter.

What is the IP address of the web filter?  If it's a standard proxy, then it has to listen on a particular IP address...and if it is using a mirrored port to collect data, then it _must_ have the same IP address as your internet firewall.

But, that means if the mirror is broken, then you now have two devices on the LAN with the same IP address:  internet firewall & the web filter.

Quick fix: pull the network cable off the web filter. Now, the internet firewall is the only device with that IP address, and the LAN should go back to "normal".  If the web filter is plugged in, all traffic destined for the internet will be switched to the filter...which has no real connection to the internet (since it is just a monitor)...and the LAN will lose internet connectivity again.

Like I said, it all depends on how the network was designed.  It's not a plug-and-pray kind of thing.
0
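The duplicate-address condition described in the comment above (two devices answering for the same IP) shows up as one IP mapping to more than one MAC address in ARP observations. This is an added example, not part of the original thread: the log format, the 192.0.2.x addresses and the MAC values are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed ARP observations: time, IP, MAC (documentation-range addresses).
SAMPLE = """\
09:00:01 192.0.2.1 00:11:22:aa:bb:01
09:00:05 192.0.2.20 00:11:22:aa:bb:20
09:02:10 192.0.2.1 00:11:22:cc:dd:02
09:02:40 192.0.2.1 00:11:22:aa:bb:01
09:03:00 192.0.2.30 00:11:22:aa:bb:30
"""

LINE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+([0-9A-Fa-f:.-]{12,17})$")

def normalise_mac(mac):
    """Strip separators and lower-case so the same MAC always compares equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def find_ip_conflicts(log_text):
    """Map each IP claimed by more than one MAC to its MACs and flip count."""
    seen = defaultdict(list)              # ip -> [(time, mac), ...] in log order
    for line in log_text.splitlines():
        match = LINE.match(line.strip())
        if not match:
            continue                      # ignore lines that are not observations
        stamp, ip, mac = match.groups()
        seen[ip].append((stamp, normalise_mac(mac)))

    conflicts = {}
    for ip, observations in seen.items():
        macs = []
        for _, mac in observations:
            if mac not in macs:
                macs.append(mac)
        if len(macs) > 1:
            # A flip is a change of MAC between consecutive sightings of the IP.
            flips = sum(1 for a, b in zip(observations, observations[1:])
                        if a[1] != b[1])
            conflicts[ip] = {"macs": macs, "flips": flips}
    return conflicts

if __name__ == "__main__":
    for ip, detail in find_ip_conflicts(SAMPLE).items():
        print(ip, detail)
```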

Lamrski (Author) Commented:
I want to say thank you... I made the configuration today and now the web filtering is back up and running... I'm halfway through my CCNA and I am trying to understand, but some of it is still over my head... Thank you very much
0
aleghart Commented:
Good job getting it running...hard to learn on your own sometimes.  But, I learned by the sink-or-swim method too.
0
Lamrski (Author) Commented:
I hope to have your advice again sometime... I hope to one day be able to advise others... it may be a while :) I hope you have a great day... and truly enough thanks again!!
take care,
lamrski
0
Lamrski (Author) Commented:
Very thankful for the help!!!
The answer was concise, and understandable.
0
Switches / Hubs


Question has a verified solution.
