This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Network Management & Authentication
- ExtremeCloud IQ- Site Engine Management Center
- RE: EWC is not sending packets to the mirror L2 po...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
EWC is not sending packets to the mirror L2 port
EWC is not sending packets to the mirror L2 port
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-06-2016 01:37 PM
I initially had some trouble getting my EWC to talk to my Purview box. That has been resolved, and now my Purview box is receiving flow statistics. However, it's not receiving the actual flow data.
On my controller, I am using esa0 as lag1 which (at present) contains all of my WLAN's. esa1 is defined as a mirror. I have esa1 connected directly to a NIC on my VMWare server, which is then attached via VMWare to my Purview host. Initially I thought this might be related to Purview or the VMWare server.
However - if I ssh' into my controller and run a 'shell', then do a 'tcpdump -i eth1', I am seeing nothing flowing through that NIC.
I have gone over and over my settings on the controller, and just about everywhere I can look I have mirroring "allowed in both directions" and Netflow set to enabled.
Anyone how an idea on where I can look?
Thanks!!
On my controller, I am using esa0 as lag1 which (at present) contains all of my WLAN's. esa1 is defined as a mirror. I have esa1 connected directly to a NIC on my VMWare server, which is then attached via VMWare to my Purview host. Initially I thought this might be related to Purview or the VMWare server.
However - if I ssh' into my controller and run a 'shell', then do a 'tcpdump -i eth1', I am seeing nothing flowing through that NIC.
I have gone over and over my settings on the controller, and just about everywhere I can look I have mirroring "allowed in both directions" and Netflow set to enabled.
Anyone how an idea on where I can look?
Thanks!!
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-06-2016 01:53 PM
Hello Bill, yes, I have promisc' set on the VMWare NIC. And my mirror NIC is showing the promisc' flag on the controller in the ifconfig output.
Still seems like doing a tcpdump -i eth1 on the controller should show me something. With it not showing a single packet, that tells me that my mirror is somehow flawed.
Still seems like doing a tcpdump -i eth1 on the controller should show me something. With it not showing a single packet, that tells me that my mirror is somehow flawed.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-06-2016 01:53 PM
Should not matter if you are receiving the Netflow information. Now we just have to figure out the mirror situation. Main thing is to see if there is any info coming in. Just quick.. you have premiscuous mode enabled on all of the virtual interfaces correct?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-06-2016 01:53 PM
I will give that a shot when I am in the office tomorrow.
Also, do I need to have "Management Traffic" checked on the VNS that I am trying to collect Purview data on?
Also, do I need to have "Management Traffic" checked on the VNS that I am trying to collect Purview data on?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-06-2016 01:53 PM
OK.. C5210 you should be good to go on cores. Next, do you have a laptop that you could drop wireshark on? I would then take es1 and drop in the laptop with wireshark to see if you see anything on the wire first. If you do then you you need to focus on the ESXi interfaces. Let me know and we can go from there...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā03-06-2016 01:53 PM
Hi Bill, thanks for helping out.
Looks like my Interfaces are okay on the Purview VM ...
root@purview:~$ ifconfig | more eth0 Link encap:Ethernet HWaddr 00:0c:29:41:eb:bf inet addr:10.60.60.152 Bcast:10.60.60.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe41:ebbf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1220111 errors:0 dropped:30 overruns:0 frame:0 TX packets:302413 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:160181516 (160.1 MB) TX bytes:73892480 (73.8 MB) eth1 Link encap:Ethernet HWaddr 00:0c:29:41:eb:c9 inet6 addr: fe80::20c:29ff:fe41:ebc9/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:2 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:120 (120.0 ļ TX bytes:936 (936.0 ļ lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:2742 errors:0 dropped:0 overruns:0 frame:0 TX packets:2742 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:513448 (513.4 KB) TX bytes:513448 (513.4 KB)
But even if there were problems there, wouldn't I at least see packets begin sent when running a tcpdump on the controller side?
I should be good with number of cores. I have a C5210, and it looks like all CPU cores and threads are reporting in ...
root@EWC.kch.local:~# less /proc/cpuinfo | grep processor processor : 0 processor : 1 processor : 2 processor : 3 processor : 4 processor : 5 processor : 6 processor : 7 processor : 8 processor : 9 processor : 10 processor : 11 processor : 12 processor : 13 processor : 14 processor : 15 processor : 16 processor : 17 processor : 18 processor : 19 processor : 20 processor : 21 processor : 22 processor : 23
Looks like my Interfaces are okay on the Purview VM ...
root@purview:~$ ifconfig | more eth0 Link encap:Ethernet HWaddr 00:0c:29:41:eb:bf inet addr:10.60.60.152 Bcast:10.60.60.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe41:ebbf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1220111 errors:0 dropped:30 overruns:0 frame:0 TX packets:302413 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:160181516 (160.1 MB) TX bytes:73892480 (73.8 MB) eth1 Link encap:Ethernet HWaddr 00:0c:29:41:eb:c9 inet6 addr: fe80::20c:29ff:fe41:ebc9/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:2 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:120 (120.0 ļ TX bytes:936 (936.0 ļ lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:2742 errors:0 dropped:0 overruns:0 frame:0 TX packets:2742 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:513448 (513.4 KB) TX bytes:513448 (513.4 KB)
But even if there were problems there, wouldn't I at least see packets begin sent when running a tcpdump on the controller side?
I should be good with number of cores. I have a C5210, and it looks like all CPU cores and threads are reporting in ...
root@EWC.kch.local:~# less /proc/cpuinfo | grep processor processor : 0 processor : 1 processor : 2 processor : 3 processor : 4 processor : 5 processor : 6 processor : 7 processor : 8 processor : 9 processor : 10 processor : 11 processor : 12 processor : 13 processor : 14 processor : 15 processor : 16 processor : 17 processor : 18 processor : 19 processor : 20 processor : 21 processor : 22 processor : 23
