This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S-Series: port mirror not working as long as Policy based mirror is enabled

S-Series: port mirror not working as long as Policy based mirror is enabled

Rainer_Adam
New Contributor III

‎01-26-2016 11:44 AM

Our Customers S8 Series core (S-150 class) has configured a policy based mirroring for Purview. We mirror nearly all ports to this destination.

Config:

set mirror create 1
set mirror 1 mirrorN 15
set mirror ports tg.4.104 1
.
.
.
set policy profile 2 name PurView pvid-status enable pvid 4095 mirror-destination 1
set policy rule admin-profile port ge.2.42 mask 16 port-string ge.2.42 admin-pid 2
.
.
.

If we then configure:

set port mirroring create ge.2.7 ge.2.42 both
set port mirroring create ge.3.7 ge.2.42 both

We did not get the full traffic on ge.2.42, it is about 1/10 of the traffic.

Is there any know restrictions about that situations?

If we disable the mirror (policy based mirroring) the port-mirror works fine....

8 REPLIES 8

Rainer_Adam
New Contributor III

‎01-28-2016 08:21 AM

Is it possible to create more then one policy based mirror?

currently we had defined in the old config that policy profile 2 (where all other ports are in) are sending to tg.4.101 (where the PurView appliance is connected), if I would create another policy based mirror where I only contain the 2 source ports ge.2.7 and ge.3.7 and mirror it to ge.2.44 (where is the sniffer connected)??

Would this work?
0 Kudos

Rainer_Adam
New Contributor III

‎01-28-2016 06:52 AM

WOW, thank you very very much Mike, that makes it complete clear.

0 Kudos

Mike_D
Extreme Employee

‎01-27-2016 06:50 PM


Hello,
Additional info on this topic:

S-series 150 class switches support policy mirror as first priority. The 150 class will not support both mirror-n for Purview and port mirror simultaneously with one exception: if you make the mirror an enhanced mirror, the port mirror will work for “tx” (packets outbound on the port), even when the policy mirror is enabled.

S-series 140-180 class modules with additional switch fabric capability are not subject to this exclusive mirror type behavior.

Hope that helps,
Mike

Adding a KCS knowledge base article to this effect in short order.

0 Kudos

Daniel_Coughlin
Extreme Employee

‎01-26-2016 03:07 PM

There are many restrictions to mirroring. Most are addressed in the release notes. For the most part Traffic may only be mirrored once. So if traffic is subject to the policy mirror it can not also be subject to the port mirror.
0 Kudos
GTM-P2G8KFN