This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Port mirror to a vlan

Port mirror to a vlan

Matthew_Perry
New Contributor III

‎06-21-2019 04:15 PM

We are demoing a IDS device that lives in a VM. The device setup wants a port mirror to be sent to a vlan so the virtual switch on the VM host can then assign the traffic to the correct interface on the vm. The device is connected to a B5-Switch that uplinks to a S4. I'm able to setup a mirror on the S4 to sent the traffic from a vlan to a port but can't see a way to then send that mirror to dedicated vlan that i then get over to the Virtual environment. Is this possible? Surprisingly it looks like you can send a mirror to a vlan on the B-series switches but not the S-series.

The following will let me send the traffic to a physical port on the S4.
set vlan interface
set port mirroring create vtap.0. ge.1.1
0 Kudos
1 REPLY 1

Matthew_Hum
Contributor

‎07-11-2019 02:45 AM

For a port mirror you will need to specify an additional port on the ESX server to receive the mirrored traffic. I don't believe you can mirror traffic to a vlan destination, because mirrored traffic is dead traffic. VLANs provide switching and lookups before forwarding, while dead traffic should just go out everywhere. Thus you are talking about 2 different functions of the packet processor.
Also I wouldn't suggest mirroring traffic onto a vlan and then sending it into esx via a trunk because it can oversubscribe the port and then you lose control traffic.

Again I'd mirror the traffic to a port, then connect that port to a different port on the ESX server with a separate virtual switch, and then tie the virtual IDS interface to that other virtual network.
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN