Question

How to create mirror port on X590


Userlevel 1

Good Morning, we replaced an Enterasys S4 with a pair of X590s.

The customer configured an IDS (Snort) on the S4 to monitor the VLANs (one port for each VLAN) with these commands:

set vlan interface 1 create
set smon vlan create vtap.0.1
set port mirroring create vtap.0.1 ge.4.13 both

set vlan interface 50 create
set smon vlan create vtap.0.50
set port mirroring create vtap.0.50 ge.4.18 both

set vlan interface 100 create
set smon vlan create vtap.0.100
set port mirroring create vtap.0.100 ge.4.19 both

 

In this way the interfaces belong to a VLAN and have an IP address.

Is it possible to do the same on the X590?

Thanks

Giuseppe

 



Userlevel 3

Giuseppe,

Did you check https://gtacknowledge.extremenetworks.com/articles/How_To/How-To-Enable-And-Configure-Mirroring-In-EXOS ?

Mig

Userlevel 1
Hi Miguel, yes, I created a mirror port to monitor the VLAN, but the port to which I connect the IDS does not belong to any VLAN, while on the S series, with the commands that I have shown, the port belongs to a VLAN and I can configure an IP address of that VLAN on the IDS.

I would like to do the same on the X590, if it is possible, obviously.

Giuseppe

Userlevel 3

From the doc:

 

Userlevel 1

OK, but on the S4 series the ports where the customer connected the IDS are configured in a VLAN and the IDS has one IP for each VLAN.


set vlan interface 50 create
set smon vlan create vtap.0.50
set port mirroring create vtap.0.50 ge.4.18 both

I did not find the command “smon” in the XOS manual.

Giuseppe
 

Userlevel 6

Hi Giuseppe,

 

On EXOS there are three ways to deliver mirrored traffic (with port-wide mirror or thru an ACL): target port, target VLAN, target IP.

If you want to deliver anything through layer 3 with particular VLAN interface, you might be thinking about this:

create vlan 50 // or create vlan Green tag 50 - the former creates VLAN with a name VLAN_0050, most commands allow to refer to VLANs by name or ID; the former allows to create many vlans at once BTW (e.g. create vlan 51-59,64), name can also be changed anytime;

configure vlan 50 ipaddress [address/netmask] (or abbreviated: conf [vlan name] ip [address/netmask])

Not sure what direction you want to follow; I’m not familiar with the S4 smon thing.

 

Hope that helps,

Tomasz

Userlevel 1

Thanks for your reply.

In this day I tried to do this:

 

ena mirror MIRROR_LAN TO remote-ip "ipaddress of IDS"

conf mirror MIRROR_LAN add vlan default

The traffic is tunneled in GREv0 and the intrusion detection cannot see the traffic.

I would like to find a command similar to the command used on the S4.

 

Thanks in advance

 

Giuseppe
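
Added example, not part of the thread and not Extreme's code: the last post reports that the remote-ip mirror arrives GRE-encapsulated, so a sensor reading the wire sees only the outer IP/GRE packet. The Python below strips a GREv0 header (RFC 2784/2890 layout) so the inner frame can be inspected; the GRE protocol type 0x6558 and all addresses in the sample frame are constructed assumptions, since the thread does not say what the switch emits.

```python
import struct

GRE_PROTO = 47   # IPv4 protocol number for GRE
TEB = 0x6558     # GRE protocol type "Transparent Ethernet Bridging" (assumed for the sample)

def strip_gre(frame: bytes):
    """Return (gre_protocol_type, inner_bytes) for Ethernet/IPv4/GREv0, else None."""
    if len(frame) < 14:
        return None
    off = 14
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x8100 and len(frame) >= 18:   # one 802.1Q tag on the outer frame
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        off = 18
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    frag = struct.unpack_from("!H", frame, off + 6)[0] & 0x3FFF  # MF bit + fragment offset
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != GRE_PROTO or frag:
        return None
    gre = off + ihl
    if len(frame) < gre + 4:
        return None
    flags, proto = struct.unpack_from("!HH", frame, gre)
    if flags & 0x0007 or flags & 0x4000:   # not version 0, or RFC 1701 source routing
        return None
    # Optional 4-byte fields: checksum (C=0x8000), key (K=0x2000), sequence (S=0x1000)
    hdr = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if len(frame) < gre + hdr:
        return None
    return proto, frame[gre + hdr:]

def build_sample(flags=0, extra=b""):
    """Constructed test frame: outer Ethernet/IPv4/GRE around a dummy inner frame."""
    inner = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"inner-ip-packet"
    gre_hdr = struct.pack("!HH", flags, TEB) + extra
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre_hdr) + len(inner), 0, 0,
                     64, GRE_PROTO, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 50]))
    return bytes.fromhex("020000000002" "020000000003" "0800") + ip + gre_hdr + inner, inner

if __name__ == "__main__":
    frame, inner = build_sample(0x2000, struct.pack("!I", 50))  # GRE key present
    proto, payload = strip_gre(frame)
    print(hex(proto), payload == inner)
```

A `None` result means the frame is not unfragmented IPv4 GREv0, which is the case to log rather than silently drop when checking what the sensor port actually receives.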

 

 
