cancel
Showing results for 
Search instead for 
Did you mean: 

Remote Mirror Clarification Wanted

Remote Mirror Clarification Wanted

Frank
Contributor II
I basically have the layout that was discussed in https://community.extremenetworks.com/extreme/topics/remote-mirroring-trunk-lacp, but I was looking for an "official" confirmation.

Let's say I have an edge switch (460) with multiple vlans, tagged to a shared uplink port 55 (grouped 55-58) to two BD8800s (55/56 going to BD8800-1, 57/58 to BD8800-2) with an ISC/MLAG between the 8800s.

I need to remote mirror, let's say "Port 1" on the 460, which is an untagged port in a vlan, meaning I need to see the traffic that happens on the 460-Port-1

My Network Analyzer is plugged into port 5:20 on BD8800-1

Naive me goes ahead and says on the 460:
configure mirror add port 1 ingress-and-egress
configure mirror to port 55 remote-tag 1234

So far, so good. But as soon as I say:
enable mirror

I get the dreaded "Error: Port mirroring cannot be enabled on a trunk member port 55"

I created a vlan 1234 and added port 55 tagged to it - makes no difference

I just wanted a confirmation that it's really not possible to use existing shared uplink ports to carry remote mirrors. As much as I hate it, I can understand that there might be technical limitations with shared ports and mirrors - like packet sequences getting out of order perhaps, or some such thing.

Would I be right to assume that remote mirroring only works over single unshared "uplink" ports - which in my case pretty much means "if you want to remote mirror, fling a new cable from the 8800 with the analyzer to the 460s where you want to monitor ports?

Yes, I tried to read the documentation, but may have missed that part  At least that way I found the "capture locally to memory, tftp, then analyze" trick that I will be eternally grateful for - just have to be careful to not accidentally use up all the memory!

Thank you
Frank
1 ACCEPTED SOLUTION

Frank
Contributor II
OK, now I feel stupid again. "Extreme Support" came through with a one-liner  . In short: it works as outlined in https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-remote-mirroring-through-...

On the edge switch where you want to mirror a port:

set up your mirror with the port you want to have mirrored (ingress/ingress-and-egress...)
you need an unused port on your switch, let's say "13"
Let's also say your uplink shared group is port 55 (shared 55, grouped 55-58)

"enable mirror to port-list 55 loopback port 15 remote tag 1234"

You don't need to create vlan 1234 on that switch.

On the next switch(es) up (as per documentation, search the PDF for "mirror" and scroll down for remote mirrors):
create vlan remote_mirror
configure vlan remote_mirror tag 1234 remote-mirroring
configure vlan remote_mirror add ports tagged
configure vlan remote_mirror add ports

Do that on the switches up to and including the switch where your network-analyzer sits
And there just add vlan "remote_mirror" to your mirror config

I know I found the documentation parts when I started down that path, but somehow must have messed things up.

Apologies for not having properly read/understood the manual and articles 😞

View solution in original post

7 REPLIES 7

Bin
Extreme Employee
https://documentation.extremenetworks.com/exos_commands_22.4/exos_21_1/exos_commands_all/r_enable-mi...
  • In normal mirroring, a monitor port cannot be added to a load share group. In one-to-many mirroring, a monitor port list can be added to a load share group, but a loopback port cannot be used in a load share group.

Frank
Contributor II
OK, now I feel stupid again. "Extreme Support" came through with a one-liner  . In short: it works as outlined in https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-remote-mirroring-through-...

On the edge switch where you want to mirror a port:

set up your mirror with the port you want to have mirrored (ingress/ingress-and-egress...)
you need an unused port on your switch, let's say "13"
Let's also say your uplink shared group is port 55 (shared 55, grouped 55-58)

"enable mirror to port-list 55 loopback port 15 remote tag 1234"

You don't need to create vlan 1234 on that switch.

On the next switch(es) up (as per documentation, search the PDF for "mirror" and scroll down for remote mirrors):
create vlan remote_mirror
configure vlan remote_mirror tag 1234 remote-mirroring
configure vlan remote_mirror add ports tagged
configure vlan remote_mirror add ports

Do that on the switches up to and including the switch where your network-analyzer sits
And there just add vlan "remote_mirror" to your mirror config

I know I found the documentation parts when I started down that path, but somehow must have messed things up.

Apologies for not having properly read/understood the manual and articles 😞

Please just correct the Port Number, as 1st you mention "13" and just after "15".
Thks.

Frank
Contributor II
Thank you for your kind words 🙂
GTM-P2G8KFN