I have a 3 stack of X670v that are all 48-ports - total ports = 144. I need to mirror all ports, but it has a hardware limit of 128. I'd prefer to mirror VLANs, but I need ingress and egress.
I'm using AlienVault and want to capture everything. The problem I'm having is that I'm saturating a 1 GB link with traffic and as such I'm dropping ~400 packets per second.
To combat this, I thought I'd build 3 mirrors (one for each switch). But there is the matter of the hardware limit (128 ports or 2 ingress/2 egress mirrors). Now I'm stuck on running everything to operating on 2 mirrors, but I still can't span all ports.
First- in order to reduce my packet drop rate, I'm trying to balance the load. I noticed I have the option mirroring to multiple ports. If I mirror to multiple ports, is it the same data on multiple ports or does it split the load across the ports? I'm hoping it balances the ports and not duplicate them, but I'm sure that's not the case.
While this is the way I managed to get it to work, if there is a better option please let me know. Like I mentioned, I'd like to span the VLANs and not the ports but I need in/egress.