Remote Mirror Clarification Wanted

    Posted 03-31-2016 08:45
    I basically have the layout that was discussed in https://community.extremenetworks.com/extreme/topics/remote-mirroring-trunk-lacp, but I was looking for an "official" confirmation.

    Let's say I have an edge switch (460) with multiple vlans, tagged to a shared uplink port 55 (grouped 55-58) to two BD8800s (55/56 going to BD8800-1, 57/58 to BD8800-2) with an ISC/MLAG between the 8800s.

    I need to remote mirror, let's say "Port 1" on the 460, which is an untagged port in a vlan, meaning I need to see the traffic that happens on the 460-Port-1

    My Network Analyzer is plugged into port 5:20 on BD8800-1

    Naive me goes ahead and says on the 460:
    configure mirror add port 1 ingress-and-egress
    configure mirror to port 55 remote-tag 1234

    So far, so good. But as soon as I say:
    enable mirror

    I get the dreaded "Error: Port mirroring cannot be enabled on a trunk member port 55"

    I created a vlan 1234 and added port 55 tagged to it - makes no difference

    I just wanted a confirmation that it's really not possible to use existing shared uplink ports to carry remote mirrors. As much as I hate it, I can understand that there might be technical limitations with shared ports and mirrors - like packet sequences getting out of order perhaps, or some such thing.

    Would I be right to assume that remote mirroring only works over single unshared "uplink" ports - which in my case pretty much means "if you want to remote mirror, fling a new cable from the 8800 with the analyzer to the 460s where you want to monitor ports?

    Yes, I tried to read the documentation, but may have missed that part ๐Ÿ˜‰ At least that way I found the "capture locally to memory, tftp, then analyze" trick that I will be eternally grateful for - just have to be careful to not accidentally use up all the memory!

    Thank you

    Posted 04-05-2016 10:11
    Hi Frank,

    In this situation i recommend opening up a case with GTAC.
    This way the engineer can perform testing and also involve engineering in a discussion in case this should be necessary.

    This way you can also get an "official answer", and possibly it can result (in case there is no simple solution) in a feature request to have this implemented.
    Especially in MLAG designs this will be important.


    Posted 04-05-2016 10:11
    OK, I'll open a case and will post results :)

    Posted 04-06-2016 06:02
    OK, now I feel stupid again. "Extreme Support" came through with a one-liner ๐Ÿ˜‰ . In short: it works as outlined in https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-remote-mirroring-through-...

    On the edge switch where you want to mirror a port:

    set up your mirror with the port you want to have mirrored (ingress/ingress-and-egress...)
    you need an unused port on your switch, let's say "13"
    Let's also say your uplink shared group is port 55 (shared 55, grouped 55-58)

    "enable mirror to port-list 55 loopback port 15 remote tag 1234"

    You don't need to create vlan 1234 on that switch.

    On the next switch(es) up (as per documentation, search the PDF for "mirror" and scroll down for remote mirrors):
    create vlan remote_mirror
    configure vlan remote_mirror tag 1234 remote-mirroring
    configure vlan remote_mirror add ports tagged
    configure vlan remote_mirror add ports [i]

    Do that on the switches up to and including the switch where your network-analyzer sits
    And there just add vlan "remote_mirror" to your mirror config

    I know I found the documentation parts when I started down that path, but somehow must have messed things up.

    Apologies for not having properly read/understood the manual and articles :(

    Posted 04-06-2016 06:02
    Frank: it's complex...it is network engineering, after all!

    I was glad to be able to assist you.

    Posted 04-06-2016 06:02
    Thank you for your kind words :)

    Posted 03-13-2018 00:30
    • In normal mirroring, a monitor port cannot be added to a load share group. In one-to-many mirroring, a monitor port list can be added to a load share group, but a loopback port cannot be used in a load share group.