SCENARIO DESCRIPTION:
In order to troubleshoot specific problems in the administrative network, it is necessary to monitor two separate traffic flows on a single switch.
However, using simple Port Mirroring will not allow monitoring of two separate traffic flows since the Zyxel switch only allows one "monitor port" at any given time.
The solution is to use "RMirror". RMirror allows the creation of a single monitor port for each RMirror VLAN ID. The idea is to encapsulate traffic between Host-A1 and Host-A2 as shown below in one RMirror VLAN, while encapsulating traffic between Host-B1 and Host-B2 in another RMirror VLAN.
* RMirror is only supported by Zyxel L2+ or L3 enterprise switches.
* Each RMirror VLAN will require a reflector port. This means that with two RMirror VLANs, two extra ports will need to be reserved for mirror purposes.
SETUP/STEP BY STEP PROCEDURE:
1. Implement the following topology:
2. Access the Zyxel Enterprise switch through Telnet or Console CLI.
3. Create a RMirror VLAN (VLAN 100). Note that port 10 will be a reflector port.
Switch# conf
Switch(config)# rmirror vlan 100
Switch(config-rmirror)# source reflector-port
Switch(config-rmirror)# source reflector-port 10
Switch(config-rmirror)# source mirror-port 1-2
Switch(config-rmirror)# source mirror-port 1-2 dir in
Switch(config-rmirror)# connected-port 3
4. Create another RMirror VLAN (VLAN 200). Note that port 20 will be a reflector port.
Switch# conf
Switch(config)# rmirror vlan 200
Switch(config-rmirror)# source reflector-port
Switch(config-rmirror)# source reflector-port 20
Switch(config-rmirror)# source mirror-port 4-5
Switch(config-rmirror)# source mirror-port 4-5 dir in
Switch(config-rmirror)# connected-port 6
VERIFICATION:
1. Host-A1 should continuously ping Host-A2's IP address.
2. Host-B1 should continuously ping Host-B2's IP address.
3. Open Wireshark on Monitor-A and Monitor-B.
4. Monitor-A and Monitor-B should be able to observe ICMP exchanges between their respective hosts.
* Monitor-A and Monitor-B will receive mirrored traffic with an outer VLAN tag. Make sure that the NIC in each monitor PC can capture tagged packets.
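The check in verification step 4 can also be done on the raw frame bytes. The following is an added example, not part of the original Zyxel article: it reads the outer VLAN tag of a captured frame, matches it against the two RMirror VLAN IDs configured above, and reports whether the frame carries an ICMP echo. The TPID 0x8100, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100      # assumption: the outer RMirror tag uses the standard 802.1Q TPID
ETHERTYPE_IPV4 = 0x0800
# RMirror VLAN IDs and mirror ports taken from steps 3 and 4 above
RMIRROR_VLANS = {100: "rmirror-100 (mirror-port 1-2)", 200: "rmirror-200 (mirror-port 4-5)"}

def classify(frame: bytes):
    """Return (outer_vlan, label, icmp_type) for one captured Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, vlans = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == TPID_8021Q:           # walk the outer tag and any inner tags
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlans.append(tci & 0x0FFF)           # low 12 bits of the TCI are the VLAN ID
        offset += 4
    offset += 2                              # skip the final EtherType, now at the payload
    outer = vlans[0] if vlans else None
    # "untagged" on a monitor port usually means the NIC or driver stripped the tag
    label = RMIRROR_VLANS.get(outer, "untagged" if outer is None else "unexpected VLAN")
    icmp_type = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        ihl = (frame[offset] & 0x0F) * 4     # IPv4 header length in bytes
        if frame[offset + 9] == 1 and len(frame) > offset + ihl:
            icmp_type = frame[offset + ihl]  # 8 = echo request, 0 = echo reply
    return outer, label, icmp_type

def build_ping(vlan, icmp_type):
    """Constructed sample frame: Ethernet [+ 802.1Q] + IPv4 + ICMP echo, checksums zeroed."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
    return eth + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip + icmp

if __name__ == "__main__":
    for vlan, icmp_type in [(100, 8), (200, 0), (None, 8), (300, 8)]:
        print(classify(build_ping(vlan, icmp_type)))
```

A frame classified as "untagged" on Monitor-A or Monitor-B indicates that the capture path is removing the tag before the capture tool sees it.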