Mailing List
Mailing List
Sign Up Here
Like, follow & share: visit DrayTek UK's Facebook page visit DrayTek UK's Twitter page visit DrayTek UK's Linkedin page
DrayTek

Port Mirroring on DrayTek Routers

Products:
Vigor 2832
Vigor 2952
Vigor 3220
Vigor 3300V+
Show all

Keywords:
ethereal
packet trace
port mirror
wireshark

Most of the current DrayTek routers are capable of mirroring packets from the router's switch ports to a specified LAN port which can then be used with packet capture utilities or monitoring software such as the DrayTek SmartMonitor utility.

This is a switch function and on routers with in-built wireless, it is not possible for the port mirroring facility to mirror wireless traffic to the specified mirror port. In that scenario, we recommend using a separate access point.



On the Vigor 2820 series including the Vigor IPPBX 2820, the router can mirror traffic from LAN ports and WAN2 to a specified port either via the telnet or web interface of the router.

Due to the way the Vigor 2820's hardware is designed; when a port is set up to operate as a mirror port, it can then only receive traffic and will otherwise lose network access.

Disable the Port Mirror facility via the web interface so that the mirror port can operate normally as a LAN port again.

Web Interface

  • Go to [LAN] > [LAN Port Mirror]
  • Set Port Mirror to Enable
  • Select the Mirror Port which will be the port listening to the rest of the network
  • Tick which ports the router will be listening to under the Mirrored Port section

 

Telnet

  • Access the router's telnet interface by accessing the command prompt and entering "telnet 192.168.1.1" (substitute 192.168.1.1 with your router's IP)
  • If Telnet is unavailable in Windows, please check this guide or use Putty terminal software
  • At the telnet prompt, log into the router
  • This is the syntax for the "port sniff" command, which controls port mirroring via telnet:


> port sniff status - will show the status of the monitor port facility
> port sniff port - this will show the ports available to use as the mirror port
> port sniff txrx - this will show the ports available to mirror. This can also be used to mirror WAN2 traffic on some routers
> port sniff on - enables the port mirror facility
> port sniff off - disables the port mirror facility
> port sniff restart - restarts the switch to apply changes required to activate port mirroring.


Telnet Example 1

In this example, Port 4 will be set as the mirror port and Ports 1, 2 and 3 will be set as the listening ports:

> port sniff port p4
> port sniff txrx p1 p2 p3
> port sniff status
> port sniff restart
> port sniff on


Telnet Example 2

In this example, Port 4 will be set as the mirror port and Port 1 and WAN2 will be set as the listening ports:

> port sniff port p4
> port sniff txrx p1 WAN2
> port sniff status
> port sniff restart
> port sniff on


On the DrayTek Vigor 2830, 2850 and 2920 series, the routers are able to mirror traffic from the LAN ports and WAN2 to a specified port either via the telnet or web interface of the router.

Disable the Port Mirror facility via the web interface so that the mirror port can operate normally as a LAN port again.

On the Vigor 2830 and Vigor 2920 series, with 3.3.6.x firmware, the mirror port is receive only. From firmware versions 3.3.7.x onwards, the mirror port is capable of two way communication and operates as a normal LAN port.

Web Interface

  • Go to [LAN] > [LAN Port Mirror]
  • Set Port Mirror to Enable
  • Select the Mirror Port which will be the port listening to the rest of the network
  • Tick which ports the router will be listening to under the Mirrored Port section

 

Telnet

  • Access the router's telnet interface by accessing the command prompt and entering "telnet 192.168.1.1" (substitute 192.168.1.1 with your router's IP)
  • If Telnet is unavailable in Windows, please check this guide or use Putty terminal software
  • At the telnet prompt, log into the router
  • This is the syntax for the "port sniff" command, which controls port mirroring via telnet:


> port sniff status - will show the status of the monitor port facility
> port sniff port - this will show the ports available to use as the mirror port
> port sniff txrx - this will show the ports available to mirror. This can also be used to mirror WAN2 traffic on some routers
> port sniff on - enables the port mirror facility
> port sniff off - disables the port mirror facility
> port sniff restart - restarts the switch to apply changes required to activate port mirroring.

 


Telnet Example 1

In this example, Port 4 will be set as the mirror port and Ports 1, 2 and 3 will be set as the listening ports:

> port sniff port p4
> port sniff txrx p1 p2 p3
> port sniff status
> port sniff restart
> port sniff on


Telnet Example 2

In this example, Port 4 will be set as the mirror port and Port 1 and WAN2 will be set as the listening ports:

> port sniff port p4
> port sniff txrx p1 WAN2
> port sniff status
> port sniff restart
> port sniff on



On the DrayTek Vigor 2860 and 2925 series, the routers are able to mirror traffic from the LAN ports to a specified port either via the telnet or web interface of the router. Disable the Port Mirror facility via the web interface so that the mirror port can operate normally as a LAN port again.

The Vigor 2860 is able to monitor WAN1 (xDSL) traffic for diagnostic purposes from firmware 3.7.4.1 onwards. This is not recommended for permanent use.

Web Interface

  • Go to [LAN] > [LAN Port Mirror]
  • Set Port Mirror to Enable
  • Select the Mirror Port which will be the port listening to the rest of the network
  • Tick which ports the router will be listening to under the Mirrored Port section

 

Capturing WAN1 (xDSL) traffic on the Vigor 2860

  • Go to [LAN] > [LAN Port Mirror]
  • Set Port Mirror to Enable
  • Select the Mirror Port which will be the port listening to the rest of the network
  • Tick the Mirrored Tx Port and Mirrored Rx Port options in the WAN1 column
  • Click OK to apply the change.
  • Go to [WAN] > [Internet Access]
    • If WAN1 is set to Static or Dynamic IP, no further changes are required and it is possible to capture packets on that WAN interface.
    • If WAN1 is using PPPoE or PPPoA, complete the following steps before capturing packets:
  • Click on the Details Page button for WAN1
  • Under the Modem Settings, check the Protocol, if it is set to PPPoA, change it to PPPoE
  • Click OK to apply the changes and restart the router when prompted
  • It will now be possible to capture packets from the WAN1 interface, once the internet connection has reconnected

 

Telnet

  • Access the router's telnet interface by accessing the command prompt and entering "telnet 192.168.1.1" (substitute 192.168.1.1 with your router's IP)
  • If Telnet is unavailable in Windows, please check this guide or use Putty terminal software
  • At the telnet prompt, log into the router
  • This is the syntax for the "port sniff" command, which controls port mirroring via telnet:


> port sniff status - will show the status of the monitor port facility
> port sniff port - this will show the ports available to use as the mirror port
> port sniff txrx - this will show the ports available to mirror. This can also be used to mirror WAN2 traffic on some routers
> port sniff on - enables the port mirror facility
> port sniff off - disables the port mirror facility
> port sniff restart - restarts the switch to apply changes required to activate port mirroring.

 


Telnet Example

In this example, Port 6 will be set as the mirror port and Ports 1, 2, 3, 4 and 5 will be set as the listening ports:

> port sniff port p6
> port sniff txrx p1 p2 p3 p4 p5

> port sniff status
> port sniff restart
> port sniff on



The DrayTek Vigor 2930 series is capable of using LAN port 1 as a mirror port to listen to all other LAN ports.
This can affect throughput if the WAN throughput is above 40mbps.

 

Web Interface

  • Go to [LAN] > [VLAN(Monitor)]
  • Tick Enable and click OK
  • Use LAN port 1 to mirror traffic from the LAN that is sent through the router

 

Telnet

  • Access the router's telnet interface by accessing the command prompt and entering "telnet 192.168.1.1" (substitute 192.168.1.1 with your router's IP)
  • If Telnet is unavailable in Windows, please check this guide or use Putty terminal software
  • At the telnet prompt, log into the router
  • This is the syntax for the "port sniff" command, which controls port mirroring via telnet:


> port sniff status - will show the status of the monitor port facility
> port sniff on - enables the port mirror facility
> port sniff off - disables the port mirror facility


The DrayTek Vigor 3200 is able to mirror traffic from the LAN port 1 interface to WAN port 4 for monitoring / debug purposes

 

Web Interface

  • Go to [LAN] > [LAN Port Mirror]
  • Set Port Mirror to Enable
  • Select the Mirror Port which will be the port listening to the rest of the network
  • Tick which ports the router will be listening to under the Mirrored Port section

 

Telnet

  • Access the router's telnet interface by accessing the command prompt and entering "telnet 192.168.1.1" (substitute 192.168.1.1 with your router's IP)
  • If Telnet is unavailable in Windows, please check this guide or use Putty terminal software
  • At the telnet prompt, log into the router
  • This is the syntax for the "port sniff" command, which controls port mirroring via telnet:


> port sniff status - will show the status of the monitor port facility
> port sniff port - this will show the ports available to use as the mirror port
> port sniff txrx - this will show the ports available to mirror. This can also be used to mirror WAN2 traffic on some routers
> port sniff on - enables the port mirror facility
> port sniff off - disables the port mirror facility
> port sniff restart - restarts the switch to apply changes required to activate port mirroring.

 


Telnet Example

In this example, WAN port 4 will be set as the mirror port and Port 1 will be set as the listening port:

> port sniff port wan4
> port sniff txrx p1
> port sniff status
> port sniff restart
> port sniff on


The DrayTek Vigor 3300 series (both the 3300V and 3300V+ models) are able to mirror traffic from the LAN ports to a specified port either via the telnet or web interface of the router.
It can also monitor the WAN ports using the [Advanced] > [WAN Port Mirroring] menu.

Web Interface

  • Go to [Advanced] > [LAN Port Mirroring]
  • Set Port Mirror to Enable
  • Select the Mirroring Port which will be the port listening to the rest of the network
  • Tick which ports the router will be listening to under the Mirrored Port(s) section

 

Telnet

  • Access the router's telnet interface by accessing the command prompt and entering "telnet 192.168.1.1" (substitute 192.168.1.1 with your router's IP)
  • If Telnet is unavailable in Windows, please check this guide or use Putty terminal software
  • At the telnet prompt, log into the router


Telnet Example

In this example, LAN port 4 will be set as the mirror port and Ports 1, 2 and 3 will be set as the listening ports:

> advance
> portmirror -s
> portmirror 1 4 1 1 1 1
> portmirror -s

To disable the port mirroring:

> advance
> portmirror 0 1 0 0 0 0
> portmirror -s

The DrayTek Vigor 2950, 2955 and 5510 routers each have a dedicated monitoring port which is labelled LAN/Monitor and is separate from the other LAN ports. When the port is in port mirroring mode, this is indicated by the "Monitor" light which will be lit on the unit. This can be configured through the telnet interface of the router:

Telnet

  • Access the router's telnet interface by accessing the command prompt and entering "telnet 192.168.1.1" (substitute 192.168.1.1 with your router's IP)
  • If Telnet is unavailable in Windows, please check this guide or use Putty terminal software
  • At the telnet prompt, log into the router

> mngt lanmonitor status - This will show the status of the Monitor port
> mngt lanmonitor on - This puts the LAN/Monitor port into Monitor mode
> mngt lanmonitor off - This puts the LAN/Monitor port into LAN port mode


The DrayTek Vigor 2960, 3900 and 300B are able to mirror traffic from the LAN ports to a specified port either via the telnet or web interface of the router.
It is possible to monitor the WAN ports in the same way using the [WAN] > [Switch] menu then the [Mirror] tab.

Web Interface

  • Go to [LAN] > [Switch]  then go to the [Mirror] tab
  • Set the Mirroring Port to the port that will be listening to other ports on the switch
  • Tick which ports the router will be listening to under the Mirrored Port(s) section

 

Telnet

  • Access the router's telnet interface by accessing the command prompt and entering "telnet 192.168.1.1" (substitute 192.168.1.1 with your router's IP)
  • If Telnet is unavailable in Windows, please check this guide or use Putty terminal software
  • At the telnet prompt, log into the router


Telnet Example

In this example, LAN port 2 will be set as the mirror port and Port 1 will be set as the listening port:

> enable
> configure terminal
> lan
> switch
> mirror get -
This will show the status of the port mirroring
> mirror set status enable - This will enable the port mirroring
> mirror set mirroring LAN_Port_2 -
This will set the mirroring (monitor) port to LAN port 2
> mirror set mirrored LAN_Port_1 - This will set the mirrored (listening) port to LAN port 1


 

How do you rate this article?

1 1 1 1 1 1 1 1 1 1




Add a comment to this article

In the below box, you can add comments which you consider might be helpful to other users reading this article:

(As you'd like it to appear on the comment)


NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.