Mirroring on X590 - V400. Troubles with 802.1BR (0x893F) encapsulation

DB2001 — Sun, 07 Feb 2021 22:51:00 GMT

Recently we replaced our Enterasys S4 with a couple of X590 and associated V400 edge switches
We are now facing problems regarding mirroring the traffic of our VLANs and checking the results on our network analyzer where we also NEED to run tcpdump

Here is what I did step by step

Step 1
Let's say I want to monitor what happens on my VLAN 100 and send everything to my analyzer located on port 103:31: IMPORTANT! This analyzer MUST have an IP address in the same VLAN 100 in order to be accessible.

mirrored port is 1:1 on the X590
monitor port is 103:31 on a V400 (belonging to VLAN 100)

In order to keep VLAN 100 on the monitor port I found a solution using the remote-tag keyword (otherwise VLAN is removed)

create mirror "PUBLIC_MIRROR"
configure mirror PUBLIC_MIRROR to port 103:31 remote-tag 100
configure mirror PUBLIC_MIRROR add vlan Internet-V port 1:1 ingress
enable mirror PUBLIC_MIRROR

This way everything works: my Analyzer with tcpdump can see the traffic of the mirrored port (which resides on X590)

Step 2
Now I want to add another port into the mirror, THIS TIME located on a V400, let's say 103:1
configure mirror PUBLIC_MIRROR add vlan Internet-V port 103:1 ingress

Now tcpdump on the analyzer start seeing all traffic originated in 103:1 encapsulated with 802.1BR (0x893f), which it is not able to decode
I understand that the 802.1BR tagging is used to handle traffic between X590 and V400, but it makes the traffic in the mirror unreadable.

Step 3
Other tests
1) Connect the Network Analyzer on the X590 instead of V400. No change
2) Connect the Network Analyzer on a remote switch, using "Remote Mirroring" as described in EXOS User Guide, CLI Reference anche KB like
https://extremeportal.force.com/ExtrArticleDetail?an=000074211&q=how%20to%20configure%20remote%20mirror

No joy, the 802.1BR encapsulation is sent also to the remote switch

The problem
This is just to explain the concept: now imagine I have to monitor the whole VLAN 100 with 96 ports on the V400 switches: I'm not able to see anything.
I'm only able to decode traffic which originates on the X590 switches which is unaffected by 802.1BR (that is all my trunks to remote switches)

How can I handle this situation?
Remember the fundamental facts
1) The analyzer MUST have an IP address on the monitored VLAN
2) TCPDUMP must be used

Thanks

topic Mirroring on X590 - V400. Troubles with 802.1BR (0x893F) encapsulation in ExtremeSwitching (EXOS/Switch Engine)

Mirroring on X590 - V400. Troubles with 802.1BR (0x893F) encapsulation