Perch Help
menu
close Browse All Contact Us

Mirroring

VMware Port Mirroring

How to monitor network traffic through a VMware vSwitch

Configure VMware

  1. Identify a spare NIC on the VMware host to consume the mirrored traffic from the physical switch. If you have a switch capable of RSPAN, you can leverage that instead of a dedicated physical NIC. Please take a look at our Cisco RSPAN documentation for more details.
  2. From the Configuration tab, go to Networking and then open Properties
  3. Inside properties, click Add to create a new virtual switch
  4. Select Virtual Machine as the Connection Type
  5. Change the name of the Network Label to something that fits the naming convention of your environment. We will use Mirror as the example.
  6. Ensure the information looks correct and select Finish
  7. Enable Promiscuous Mode by selecting Mirror and choosing Edit
  8. Click the Security tab and ensure Promiscuous Mode is checked and Accept is selected
  9. Set the VLAN ID to 4095

Note:

A VLAN ID of 4095 represents all trunked VLANs

Configure Virtual Machine

  1. After the Virtual Machine has been imported, edit settings and choose Network Adapter 2 (this maps to ens34 in the VM). Choose Mirror for the Network Connection.