When I mirror several vLANs toward a port, I can see all broadcast traffic but no unicast traffic. It's a little bit as if the monitoring port had been included in the mirrored vLANs but no mirroring happens at all...
Is there some configuration I missed or some limitation here?
Thanks, but what if the switch is not the IP (use case of my setup, switch used as a switch, not as a router)?
vLAN : VNF09_OM_CN_R1 tag 2093 :
PC <=> Port 29 X670 Port 48 <=> Router
create mirror "VNF9"
configure mirror VNF9 to port 45
enable mirror VNF9
configure mirror VNF9 add vlan VNF09_OM_CN_R1 ingress
When I ping 18.104.22.168 from 22.214.171.124, I'm supposed to see :
ARP request ingress broadcast on port 48 => OK I see it!
ARP reply ingress unicast on port 29 => this one I cannot see
ICMP request unicast ingress on port 48 => not seen as well
ICMP reply unicast ingress on port 29 => not seen either...
Confirmed I can see ICMP traffic one way if you ingress vlan only and switch is one of the IPs....
Since it is all ingress traffic, if I add a vlan in the middle of the network between two sources I see both sides and full conversations doing the same vlan filter, ingress only.
If at edge then you will only see incoming traffic to that switch due to the ingress-only vlan filter. If at edge and you are not terminating any of the traffic for those vlans and it is only at the edge through that switch, then all I see is broadcast and mcast traffic that is not snooped.
Also confirmed an ingress-only vlan with egress ports sees full traffic on that vlan and it is not duplicated, but it is all the traffic as long as 2-way traffic is dependent on the switch you have the mirror on. So ping and snmpc and polling, I see all the two-way traffic once I added the port egress filter to the IP of the switch I have the mirror on.
Not sure if indeed you are seeing something different or not than I have set up in one of our 460 stacks that does monitoring and management traffic for our network.
One thing to remember: mirror vlan is ingress only, mirror port is all vlans on the port, egress or ingress or both, and anomaly ....
For me at least the mirror seems to work as designed and I am also running 126.96.36.199
Slot-1 PLW_X460G2_5959Basement_stack.27 # sh mir "test_vlan"
Mirror to port: 1:20
Source filter instances used : 2
Port 1:26, all vlans, egress only
All ports, vlan rtr_nm_plw_3879, ingress only
So, traffic I would like to see is ICMP, BtW between 2 addresses, from 188.8.131.52 to 184.108.40.206.
.41 is on port 29, .46 is on port 48 and the pings are successful
You can see the initial ARP request
17:34:11.278126 00:02:3b:10:12:8f > Broadcast, ethertype 802.1Q (0x8100), length 64: vlan 2095, p 6, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 220.127.116.11 (Broadcast) tell 18.104.22.168, length 46
from the router point of view :
22.214.171.124 fa:16:3e:70:26:06 3195 ARPA 3/19 vlan-id 2105
126.96.36.199 00:02:3b:10:12:8f - ARPA 3/19 vlan-id 2105
From the switch :
* X670-48x.4 # sh fdb | inc VNF09_MG
00:02:3b:10:12:8f VNF09_MGMT_R1(2095) 0043 d m 48
fa:16:3e??5e:40 VNF09_MGMT_R1(2095) 0013 d m 29
For me it's quite good and traffic is OK... Only vLAN mirroring is weird, behaving as if the mirror destination port (45) was a member of the vLANs (receiving then broadcast and multicast but no unicast when the MAC is in the FDB)
BtW, if I apply my mirroring at port level, ingress side, I can see the unicast, in the right vLAN on port 45 and tagged vlan 2095...
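An added example, not from any poster in this thread: a small Python check that reads `tcpdump -e -n` text output taken on the mirror destination port and reports which VLANs delivered only broadcast/multicast frames, the symptom described above. The sample lines, MAC addresses and IP addresses are constructed for illustration; only the line layout follows the ARP capture quoted in the thread.

```python
import re
from collections import Counter, defaultdict

# Layout of a tagged frame in `tcpdump -e -n` output:
# "<time> <src> > <dst>, ethertype 802.1Q (0x8100), length N: vlan <id>, ..."
LINE_RE = re.compile(
    r"^\S+\s+(?P<src>\S+) > (?P<dst>[^,]+), ethertype 802\.1Q.*?vlan (?P<vlan>\d+),")
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def classify_dst(dst):
    """Classify a destination as broadcast, multicast, unicast or unknown."""
    dst = dst.strip().lower()
    if dst in ("broadcast", "ff:ff:ff:ff:ff:ff"):  # tcpdump may print the name
        return "broadcast"
    if not MAC_RE.match(dst):
        return "unknown"
    # I/G bit (lowest bit of the first octet) set means a group address.
    return "multicast" if int(dst[:2], 16) & 1 else "unicast"

def tally(lines):
    """Count captured frames per VLAN and destination class."""
    per_vlan = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            per_vlan[int(m["vlan"])][classify_dst(m["dst"])] += 1
    return per_vlan

def flood_only_vlans(per_vlan):
    """VLANs that produced frames on the mirror port but no unicast at all."""
    return sorted(v for v, c in per_vlan.items()
                  if sum(c.values()) and c["unicast"] == 0)

# Constructed sample capture (documentation MAC/IP ranges, not real hosts).
SAMPLE = [
    "17:34:11.278126 00:00:5e:00:53:01 > Broadcast, ethertype 802.1Q (0x8100), "
    "length 64: vlan 2095, p 6, ethertype ARP, Request who-has 192.0.2.46 tell 192.0.2.41, length 46",
    "17:34:12.100000 00:00:5e:00:53:01 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), "
    "length 64: vlan 2095, p 0, ethertype IPv4, 192.0.2.41 > 224.0.0.1: igmp query v2",
    "17:34:13.000000 00:00:5e:00:53:01 > 00:00:5e:00:53:02, ethertype 802.1Q (0x8100), "
    "length 102: vlan 2093, p 0, ethertype IPv4, 192.0.2.41 > 192.0.2.46: ICMP echo request, id 1, seq 1, length 64",
    "17:34:13.000400 00:00:5e:00:53:02 > 00:00:5e:00:53:01, ethertype 802.1Q (0x8100), "
    "length 102: vlan 2093, p 0, ethertype IPv4, 192.0.2.46 > 192.0.2.41: ICMP echo reply, id 1, seq 1, length 64",
]

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for vlan in sorted(counts):
        print(vlan, dict(counts[vlan]))
    print("broadcast/multicast only:", flood_only_vlans(counts))
```

A VLAN listed as broadcast/multicast only while hosts in it are pinging each other successfully matches the behaviour reported for the vLAN-level ingress mirror; the same capture taken with a port-level ingress mirror should show unicast entries for that VLAN.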