Re: Switch designed for mirroring tap ports
Instead of monitoring the physical interface, monitor the vlan from a Cisco IOS perspective on a CAT6500. This will capture all physical interfaces associated with that vlan for mirroring/span.
HTH
Jonathan #22744
Sent from my HTC on the Now Network from Sprint!
----- Reply message -----
From: "A. Pishdadi" <apishdadi@gmail.com>
Date: Wed, Feb 29, 2012 11:12 pm
Subject: Switch designed for mirroring tap ports
To: "NANOG" <nanog@nanog.org>
Hello All,
We are looking for a switch or a device that we can use for mirroring tap ports. For example, take a mirror port off of a core router say a 6509, connect it to a port on said device, say port 1. I would like then to be able to mirror port 1 on said device to multiple ports, like port 2, 3, 4. We have the need to analyze traffic from one port on multiple devices. Seems most switches are limited to mirroring to a max of 1 or 2 ports.
Any suggestions would be great.
Thanks, Ameen
No, the issue isn't monitoring many ports at once, it's having more than 1 set of monitoring or 2 sets in the 6500 case. So I am monitoring say port channel 1 to ports 1 2 3 4, and port channel 2, ports 4 5 6 and 7. After that I cannot monitor any more ports.
On Thu, Mar 1, 2012 at 2:34 AM, gwood83@gmail.com <gwood83@gmail.com> wrote:
> Instead of monitoring the physical interface, monitor the vlan from a Cisco IOS perspective on a CAT6500. This will capture all physical interfaces associated with that vlan for mirroring/span.
> HTH
> Jonathan #22744
Yes, the Cat 6500s are limited to a certain number of SPAN/port monitoring sessions. Another tool we've switched to after using the Gigamon for many years is taps and the Anue 5236 (10Gb) port aggregator. From this we can split the SPAN feeds into different IDS/monitoring servers or load-share among several output servers. It is a great tool and very easy GUI to control the feeds and output ports.
Ian Slade
Sr. Network Engineer, SAIC ITS Systems Engineering
ian.slade@saic.com 703-676-5234 http://www.saic.com
-----Original Message-----
From: nanog-bounces+ian.slade=saic.com@nanog.org [mailto:nanog-bounces+ian.slade=saic.com@nanog.org] On Behalf Of A. Pishdadi
Sent: Thursday, March 01, 2012 3:54 AM
To: gwood83@gmail.com
Cc: NANOG
Subject: Re: Switch designed for mirroring tap ports
> No, the issue isn't monitoring many ports at once, it's having more than 1 set of monitoring or 2 sets in the 6500 case. So I am monitoring say port channel 1 to ports 1 2 3 4, and port channel 2, ports 4 5 6 and 7. After that I cannot monitor any more ports.
Be careful when considering the Anue products. When we evaluated both Anue and Gigamon, we had to rule out Anue due to total lack of IPv6 support, and went with Gigamon instead. I have not heard whether the situation has changed in the last year. We liked both products for their functionality and ease of use, but for us IPv6 was the distinguishing capability.
--Ron
Ron Broersma
DREN Chief Engineer
On Mar 1, 2012, at 9:50 AM, Slade, Ian wrote:
> Yes, the Cat 6500s are limited to a certain number of SPAN/port monitoring sessions.
> Another tool we've switched to after using the Gigamon for many years is taps and the Anue 5236 (10Gb) port aggregator. From this we can split the SPAN feeds into different IDS/monitoring servers or load-share among several output servers. It is a great tool and very easy GUI to control the feeds and output ports.