This application is based on an older application note which describes the Vigor2820 router setup. However most of the configuration steps also apply to later model routers which have the port mirror function.
There are 3 ways you can set up the environment for Smart Monitor:
- With port mirroring function on Vigor Router
- With an Ethernet switch which supports port mirroring
- With a network hub or repeater hub
I. With port mirroring function on Vigor2820
A network switch with Port Mirroring capability can be used to send a copy of packets from mirrored ports to the switch port that is connected to the network monitoring server. This is commonly used for network applications that require monitoring of network traffic, such as Smart Monitor. The switch built in Vigor2820 also supports port mirroring function. The port on the Vigor2820 in mirroring status is limited to receive packets only. Since Smart Monitor authentication and the remote management require the port to be able to send packets as well, the network connection must be set as figure shown below:
Note: Later model routers do not have this limitation and only a single LAN connection to Smart Monitor server is required.
- Prepare two NICs on the Smart Monitor server.
- Connect NIC1 to LAN port 1 and NIC2 to LAN port 2.
- Assign two different IP addresses to these two NIC’s respectively. They must be within the same subnet. In this example, 192.168.1.10 is assigned to NIC1 and 192.168.1.11 is assigned to NIC2.
- Open the web configurator of Vigor2820 and open LAN >> LAN Port Mirror page to configure the router as shown below. In this example, P2 (LAN port 2) is configured as mirror port. Thus all the other LAN ports (P1, P3 and P4) will send a copy of network packets to P2.
- Since NIC2 is connected to LAN port 2, it will receive the network packets from other LAN ports. Select this NIC as the Interface in the system setting page of SmartMonitor.
Please note that in port mirroring mode, P2 is unable to send any packet out. It can just receive packets. In the following situations, SmartMonitor server must be able to send packets.
- SmartMonitor server sends authentication information to the router.
- For the remote management and monitor via http://(IP of smart monitor). That’s why we configure the other NIC on the SmartMonitor server and connects it to the router.
- NIC1 is connected to a normal LAN port and it will send authentication packets to Vigor2820. Furthermore, NIC1 is for remote access as well. If you want to access SmartMonitor server from other computers in the same LAN, you must use the IP address of NIC1 (http://192.168.1.10). If you want SmartMonitor server to be accessed from Internet, you must type the default gateway (192.168.1.1) for NIC1.
II. With an Ethernet switch which supports port mirroring
You don’t want to install two NICs on the SmartMonitor server, and you have an Ethernet switch supporting port mirroring. Most importantly, the mirror port is able to receive and send packets at the same time. Then, you can connect the devices as shown below:
1. Connect one of Vigor2820’s LAN ports to the switch.
2. Assign one of switch’s ports as Mirror Port to do port mirroring. Setup the other ports to send a copy of network packets to this Mirror Port.
3. Connect the SmartMonitor server to the Mirror Port of the switch.
4. Connect all the other computers to the same switch directly or through other switch.
Note: With the above configuration, if you connect a computer to one of Vigor2820’s LAN ports directly, the traffic will not be monitored by SmartMonitor Server.
III. With a network hub or repeater hub
Any packet entering one port on a hub will broadcast out on all other ports. For inserting a protocol analyzer into a network connection, a hub is an alternative to a port mirroring. To setup a SmartMonitor environment with a hub, you must connect SmartMonitor server, Vigor router and all internal network nodes to the same hub as figure shown below:
1. Connect one of Vigor2820’s LAN ports to the hub.
2. Connect SmartMonitor server to the same hub.
3. Connect all the other computers to the same hub directly or through other switch.
Note: With the above setup, if you connect a computer to one of Vigor2820’s LAN ports directly, the traffic will not be monitored by SmartMonitor Server.