I would like to implement a similar solution as depicted in the below diagram (Adtran's sample network). This would be my final configuration setup. However, before I reach this advanced phase, there are some issues we are experiencing on a very simple setup that almost closely matches the diagram below.
Our Adtran NetVanta switches are arranged physically and logically as shown above. However, there is NO LACP / Link Aggregation currently running on any of the switches. Additionally, our upstream switch is a NetVanta 1550-24 and the closet switches are two (2) NetVanta 1534 switches. There is NO NetVanta 1534P POE switch in our setup. Just three (3) Adtran NetVanta 1500 series switches altogether. Only a single VLAN is in use i.e., the default VLAN.
So the tasks / objectives are basically two (2) things:-
Initial Testing in basic setup configuration for Port Mirroring / Monitor Session:-
Our configuration looked like this:-
monitor session 1 source interface gigabit-switchport 0/1 both
monitor session 1 source interface gigabit-switchport 0/2 both
monitor session 1 source interface gigabit-switchport 0/3 both
monitor session 1 source interface gigabit-switchport 0/4 both
monitor session 1 source interface gigabit-switchport 0/5 both
monitor session 1 source interface gigabit-switchport 0/6 both
monitor session 1 source interface gigabit-switchport 0/7 both
monitor session 1 source interface gigabit-switchport 0/8 both
monitor session 1 source interface gigabit-switchport 0/9 both
monitor session 1 source interface gigabit-switchport 0/10 both
monitor session 1 source interface gigabit-switchport 0/11 both
..... continues on until gigabit-switchport 0/23
monitor session 1 destination interface gigabit-switchport 0/24
monitor session 1 source interface gigabit-switchport 0/24 both
monitor session 1 destination interface gigabit-switchport 0/3
Problem(s) / Results:-
Traffic just stops after about 10 minutes or so.
To help the forum address this question -
1. Monitoring all ports with a port mirror to an uplink switch has many potential issues that would have to be designed around. Some examples would be:
2. All traffic can be sent to one port, but the previously listed issues would have to be managed or designed around. I would suggest that aggregating the monitor ports separate from the data uplink ports would make this design less difficult.
3. The hardware can handle speeds up to the uplink port speeds without issue, but the spanning-tree design is expecting BPDUs to only be sent and received to the next device on a port and does not know about a port mirror situation that could duplicate this packet on another port.
4. I would not recommend adding Link Aggregation to the uplink ports if you will be monitoring all traffic to one port, since the bandwidths would cause congestion and drop traffic on the monitor port. It would still be possible if the aggregation is not used for additional bandwidth and only as a failover connection.
5. Take the following example, and determine how the switch should work in the configuration provided with all traffic monitored on a 1544 port in the diagram.
Hope this provides the insight required to engineer a supportable solution.
The NV1638/1534/1531 that will provide one direction of traffic with a VLAN tag and the other untagged. On these devices, the hardware chipset is the cause and it cannot be changed, so this will not be fixed.
Hi JRoad / Adtran;
Thanks very much for the follow-up and detailed response. Also for providing a workaround until Engineering can resolve. Can you let me know the status of engineering and if they are close to releasing something?
(Update) NV1550 is working as expected, and the Wireshark PC was determined to be causing the issue.
The other switches are using ASICs that cannot be changed to correct the issue, so will not be fixed.
Hi JRoad / Support;
Thank you very much for following up and the update. A few more questions for further clarification:-
Thanks for this tip and how-to. To confirm the setup, would it be like this image (attached)? Also, when the NetVanta 1550 issue is looked into and corrected, do I just remove the parameter "rx" in the CLI "monitor session 1 source interface gigabit-switchport 0/B rx"?
1. NV1550 can support port mirroring all ports (except the destination port). Not familiar with RSPAN enough to say.
2. The RX issue reported earlier turned out to be a PC issue and not the switch. So the answer is Yes.
3. Objectives not specified.
4. The switch can port mirror all 48-1 or 24-1 ports to the destination port. This is not supported remotely as in the SDX series switches.
To get all traffic on a port -
monitor session <number> source interface <interface> both
I do not believe this will work since the MAC tables of the switch with the Server will get scrambled, and we do not have a way to not learn MAC addresses and still pass them to the server.
But if you had two NICs on the server connected to the Destination Ports, that would work.
Doing remote mirroring is not supported on any AOS switch currently. See Sales to get information about the ADTRAN SDX series switch that supports remote mirroring.
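A small lint for the `monitor session` lines quoted in this thread, added here as an example (it is not ADTRAN's code or any poster's): it flags an interface that is configured as both source and destination of a session, and estimates worst-case oversubscription of the destination port. The 1 Gbps port rate, the treatment of an omitted direction as `both`, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Matches lines in the form quoted in the thread, e.g.
#   monitor session 1 source interface gigabit-switchport 0/1 both
LINE = re.compile(
    r"^monitor session (\d+) (source|destination) interface "
    r"(\S+ \d+/\d+)(?: (both|rx|tx))?$"
)
PORT_GBPS = 1.0  # assumption: every port is a 1 Gbps gigabit-switchport


def parse(config):
    """Return {session: {"source": {iface: direction}, "destination": set()}}."""
    sessions = defaultdict(lambda: {"source": {}, "destination": set()})
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a monitor-session line
        sess, role, iface, direction = m.groups()
        if role == "source":
            # assumption: a source with no direction keyword mirrors both ways
            sessions[int(sess)]["source"][iface] = direction or "both"
        else:
            sessions[int(sess)]["destination"].add(iface)
    return dict(sessions)


def lint(config):
    """Return a list of (session, finding) tuples."""
    findings = []
    for sess, s in sorted(parse(config).items()):
        for iface in sorted(s["destination"] & set(s["source"])):
            findings.append((sess, f"{iface} is both source and destination"))
        # Worst case: every mirrored direction carries a full port of traffic.
        lanes = sum(2 if d == "both" else 1 for d in s["source"].values())
        if s["destination"] and lanes * PORT_GBPS > PORT_GBPS:
            findings.append((sess, f"destination oversubscribed {lanes}:1 at worst case"))
    return findings


# Constructed sample: a subset of the lines posted in the thread.
SAMPLE = """\
monitor session 1 source interface gigabit-switchport 0/1 both
monitor session 1 source interface gigabit-switchport 0/3 both
monitor session 1 destination interface gigabit-switchport 0/24
monitor session 1 source interface gigabit-switchport 0/24 both
monitor session 1 destination interface gigabit-switchport 0/3
"""
```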