Allow all VLANs on trunk and mirror, even those not defined

  • Question
  • Updated 12 months ago
  • Answered
We deploy a firewall to inspect traffic at clients' sites as part of a security audit. I'd like to set up a trunk port that mirrors all VLAN traffic, even VLANs not specifically defined in the switch (SummitX). Cisco has an option to allow all VLANs in a trunk, and I don't believe it requires that they all be manually created. In this config, the firewall would receive a copy of all VLAN traffic, but it would prevent us from having to get a complete list from the client in advance (many of whom are using someone else, and we're doing the audit competitively). In many cases these are smallish customers that don't have all of the details about their network. While we can do a lot of up-front legwork, I'm trying to minimize it. Also, in most cases the overall traffic will be under the port speed of the mirror, so we're likely okay from a traffic mirroring perspective. Any ideas/thoughts?
Eric Burke

Posted 12 months ago

Nick Yakimenko
You could mirror an uplink port, but you will have to create the VLANs on your firewall and inspect each of them separately.
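Worked example, added here and not part of the thread or of any Extreme Networks or Cisco software: Nick's approach means the firewall needs one sub-interface per VLAN, but the list of VLAN IDs does not have to come from the client in advance. If the mirrored copy reaches the firewall with its 802.1Q tags intact, the firewall can learn the VLANs from the traffic itself. The Python script below parses the 802.1Q/802.1ad tag stack of captured Ethernet frames, tallies the outermost VLAN ID per frame, and prints the Linux `ip link` commands that create one sub-interface per discovered VLAN. It assumes a Linux firewall whose capture interface is named `mirror0` (an assumed name), reads a libpcap file when given one (for example written with `tcpdump -i mirror0 -e -w capture.pcap`), and otherwise runs on a few constructed sample frames embedded in the script. Frames that arrive untagged belong to the native VLAN of the mirrored trunk; they are only counted, since no tag identifies them.

```python
"""Discover the VLANs present on a tagged mirror port and emit per-VLAN sub-interface commands.

Added example (not from the thread, not vendor code): parses the 802.1Q / 802.1ad tag
stack of raw Ethernet frames, tallies the outermost VLAN ID seen, and prints the Linux
`ip link` commands that create one sub-interface per VLAN on the capture interface.
Assumed capture interface name: mirror0.  Usage: python3 vlan_discover.py [capture.pcap]
Without a file it runs on the constructed sample frames defined below.
"""
from __future__ import annotations

import struct
import sys
from collections import Counter

# EtherTypes that introduce a VLAN tag; 0x9100 is a legacy outer tag seen in some QinQ deployments.
TAG_ETHERTYPES = {0x8100: "802.1Q", 0x88A8: "802.1ad", 0x9100: "802.1Q (legacy QinQ)"}
ETH_P_IP = 0x0800


def tag_stack(frame: bytes) -> list[tuple[int, int]]:
    """Return the frame's VLAN tags as [(ethertype, vid), ...], outermost first ([] if untagged)."""
    stack = []
    off = 12                                      # skip destination and source MAC
    while len(frame) >= off + 4:
        ethertype = struct.unpack_from("!H", frame, off)[0]
        if ethertype not in TAG_ETHERTYPES:
            break                                 # reached the payload EtherType
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        stack.append((ethertype, tci & 0x0FFF))   # low 12 bits of the TCI are the VLAN ID
        off += 4
    return stack


def discover(frames) -> tuple[Counter, int]:
    """Tally the outermost (ethertype, vid) per frame; VID 0 (priority-tagged) counts as untagged."""
    seen: Counter = Counter()
    untagged = 0
    for frame in frames:
        stack = tag_stack(frame)
        if not stack or stack[0][1] == 0:
            untagged += 1                         # native VLAN of the trunk: no tag identifies it
        else:
            seen[stack[0]] += 1
    return seen, untagged


def subinterface_commands(seen: Counter, parent: str = "mirror0") -> list[str]:
    """Linux commands creating one VLAN sub-interface per discovered outer VLAN, lowest VID first."""
    cmds = []
    for ethertype, vid in sorted(seen, key=lambda tag: tag[1]):
        proto = " proto 802.1ad" if ethertype == 0x88A8 else ""
        cmds.append(f"ip link add link {parent} name {parent}.{vid} type vlan{proto} id {vid}")
        cmds.append(f"ip link set {parent}.{vid} up")
    return cmds


def read_pcap(path: str):
    """Minimal libpcap (.pcap) reader using only the standard library; yields raw link-layer frames."""
    with open(path, "rb") as f:
        header = f.read(24)
        magic = struct.unpack("<I", header[:4])[0]
        endian = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"
        if struct.unpack(endian + "I", header[20:24])[0] != 1:
            raise ValueError("not an Ethernet capture (link type != 1)")
        while True:
            record = f.read(16)
            if len(record) < 16:
                return
            _, _, incl_len, _ = struct.unpack(endian + "IIII", record)
            yield f.read(incl_len)


def make_frame(tags=()) -> bytes:
    """Constructed sample frame: broadcast dst, locally administered src, tag stack, IPv4, padding."""
    frame = bytes.fromhex("ffffffffffff" "0200deadbeef")
    for ethertype, vid in tags:
        frame += struct.pack("!HH", ethertype, vid)   # PCP/DEI bits left at 0
    return frame + struct.pack("!H", ETH_P_IP) + b"\x00" * 46


# Constructed sample traffic (not a real capture): two VLANs, one QinQ pair, one untagged frame.
SAMPLE_FRAMES = [
    make_frame([(0x8100, 10)]),
    make_frame([(0x8100, 10)]),
    make_frame([(0x8100, 20)]),
    make_frame([(0x88A8, 100), (0x8100, 200)]),
    make_frame(),
]


def main(argv: list[str]) -> None:
    frames = read_pcap(argv[1]) if len(argv) > 1 else SAMPLE_FRAMES
    seen, untagged = discover(frames)
    for (ethertype, vid), count in sorted(seen.items(), key=lambda item: item[0][1]):
        print(f"VLAN {vid:4d} ({TAG_ETHERTYPES[ethertype]}): {count} frames")
    print(f"untagged or priority-tagged frames (native VLAN): {untagged}")
    print("\n".join(subinterface_commands(seen)))


if __name__ == "__main__":
    main(sys.argv)
```

Check first that the tags actually survive the mirror: run `tcpdump -e -nn -i mirror0 -c 20` on the firewall and confirm the frames show `vlan N`. Whether a mirrored copy keeps its 802.1Q header depends on the switch model and how the monitor port is configured; if the tags are stripped, every frame looks untagged and the script will find nothing to create. The generated commands need root, and the sub-interfaces should be left without IP addresses so the firewall stays passive on the client's network.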
Eric Burke
Thanks, Nick. That's what I figured. Was hoping someone had an idea for a "shortcut"... Thanks again!