Lost VLAN configuration on port mirroring

  • Problem
  • Updated 3 years ago
  • In Progress
I'm trying to mirror port 1:41 (VlanX) to port 1:43 (VlanY)
(to scan the ingress-egress flow of port 1:41)

I do this:
configure mirror "Jess" add port 1:41
configure mirror "Jess" to port 1:43
WARNING: This command will remove VLAN membership from the monitor port.         Do you want to continue? (y/N)

This is my problem, because if I type Yes, port 1:43 loses its VLAN and STP configuration ...

How can I mirror a port without changing the configuration and losing network connectivity?


Thanks
Jessy


Posted 3 years ago

Zelnosky, Kevin, Employee

Unfortunately, if you use a port for a monitor of a mirror, then it will wipe config.  There is no way around this.

However, there are other things you can try such as flow-redirect or redirect to a specific port via ACLs.

This will allow you to redirect desired traffic to another port and not wipe out the config.
Jessy

OK, thanks.
But how can I do this? (Do you have a link, please?)

Thanks
Harkanwaljeet Singh

I am just wondering and curious to know what purpose will be achieved after fulfilling this requirement, and why select the port which has STP configuration?

For me it's always a port with no configuration where I connect my laptop to collect Wireshark logs.
Zelnosky, Kevin, Employee

Jessy,
Here are the two methods I referred to previously.

Flow-redirect:

This will match on your ACL conditions and then redirect traffic to a next hop.  Here is a KCS knowledge article about how to configure and implement this feature:

http://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-flow-redirect/?q=flow-redi...

Redirect-Port ACL:

This method will take all traffic that matches your ACL conditions and redirect them to a specific egress port.  Unlike the flow-redirect, this only requires the ACL itself.

Example:
edit policy redirect.pol

# Match all traffic (0.0.0.0/0) and send it out port 1:43
entry redirect {
    if {
        source-address 0.0.0.0/0;
    } then {
        redirect-port 1:43;
    }
}

This will match all traffic on whichever port you apply this ACL and redirect it to port 1:43.  From your original post I would assume it would be something like this:

configure access-list redirect port 1:41 ingress

This will match all traffic that is ingressing port 1:41 and redirect it to port 1:43.
Prashanth KG, Employee

The above 2 methods would re-direct all the traffic. So, the traffic coming in on port 1:41 will be re-directed completely to the port 1:43 irrespective of the destination. This is not exactly like mirroring. 
Zelnosky, Kevin, Employee

True, was trying to think of alternatives.  There really is no way to mimic mirroring without a free port.
Prashanth KG, Employee

True that:) Just wanted to provide the disclaimer as the flow redirect could result in undesirable results in the network:) 
Prashanth KG, Employee

If you are looking to identify the flow of the traffic on a particular port, you could try sFlow. It samples the packets (not all packets) ingress and egress on a particular port and sends the flow to the sFlow collector.

Please refer to the article below on how to configure it:

How to configure sFlow 
Zelnosky, Kevin, Employee

Correction to my previous post.  You will want to match on 0.0.0.0/0 for all traffic, was going a bit fast with my response :).
Jessy

Thank you,
I'll check this tomorrow.

"I am just wondering and curious to know what purpose will be achieved after fulfilling this requirement and why to select the port which has stp configuration? For me its always a port with no configuration where I connect my laptop to collect wireshark logs."

Because all end-user ports are configured as STP edge ports, and in a specific VLAN (ADMIN-VLAN, USERS-VLAN...) ...
Zelnosky, Kevin, Employee

Jessy,

Just wanted to give you a disclaimer in case you did not see the replies up above.

This will redirect traffic and not "mirror", there really is no way to mimic mirroring without a free unused port (which would lose its config once configured as a monitor port).

Are your switch ports all being used?