On Mon, 7 Oct 2019 14:16:31 +0000 Dovid Bender <dovid@telecurve.com> wrote:
> Funds at my 9-5 are limited. Has anyone tried this and how well does it work? We plan on mirroring about 800 megs of traffic at peak.
> https://www.amazon.com/Dualcomm-1000Base-T-Ethernet-Regeneration-Network/dp/...

I don't know if it still works on modern switches, but many years ago I was able to have Cisco LAN switches configured such that a single L2 MAC address could be statically associated with multiple interfaces (i.e. router interface). This made it possible to duplicate all traffic destined to one station to appear on two (maybe more?) ports. You might try this also if you have an unused and available switch.

John

Most smart switches do port mirroring. But I've had the predecessor to that tap for a few years. It has always worked well.

Ray Orsini
Chief Executive Officer
OIT, LLC
305.967.6756 x1009 | 305.571.6272
ray@oit.co | www.oit.co
oit.co/ray

-----Original Message-----
From: NANOG <nanog-bounces@nanog.org> On Behalf Of John Kristoff
Sent: Monday, October 7, 2019 10:29 AM
To: nanog@nanog.org
Subject: Re: Poor mans TAP

On Mon, 7 Oct 2019 14:16:31 +0000 Dovid Bender <dovid@telecurve.com> wrote:
> Funds at my 9-5 are limited. Has anyone tried this and how well does it work? We plan on mirroring about 800 megs of traffic at peak.
> https://www.amazon.com/Dualcomm-1000Base-T-Ethernet-Regeneration-Network/dp/B0055M5JL8?ref_=ast_bbp_dp

I don't know if it still works on modern switches, but many years ago I was able to have Cisco LAN switches configured such that a single L2 MAC address could be statically associated with multiple interfaces (i.e. router interface). This made it possible to duplicate all traffic destined to one station to appear on two (maybe more?) ports. You might try this also if you have an unused and available switch.

John

John,

We used Cisco in the past. The issue we have is the switches that will mirror to more than one port have fans pushing the heat into the cold aisle. From what I was able to see Cisco does not have any AFO switches that will mirror to more than one port.

On Mon, Oct 7, 2019 at 10:29 AM John Kristoff <jtk@depaul.edu> wrote:
> On Mon, 7 Oct 2019 14:16:31 +0000 Dovid Bender <dovid@telecurve.com> wrote:
>> Funds at my 9-5 are limited. Has anyone tried this and how well does it work? We plan on mirroring about 800 megs of traffic at peak.
>> https://www.amazon.com/Dualcomm-1000Base-T-Ethernet-Regeneration-Network/dp/...
>
> I don't know if it still works on modern switches, but many years ago I was able to have Cisco LAN switches configured such that a single L2 MAC address could be statically associated with multiple interfaces (i.e. router interface). This made it possible to duplicate all traffic destined to one station to appear on two (maybe more?) ports. You might try this also if you have an unused and available switch.
>
> John

Dovid Bender wrote on 07/10/2019 17:56:
> We used Cisco in the past. The issue we have is the switches that will mirror to more than one port have fans pushing the heat into the cold aisle. From what I was able to see Cisco does not have any AFO switches that will mirror to more than one port.

um, really? Have you tried disabling mac learning? This will cause all traffic to be unicast flooded to multiple ports.

Nick

Yup, tried that. Incoming interface is set as:

    interface Ethernet1/37
      switchport mac-learn disable
      description tor-31-1 ge-0/0/44 SPAN
      switchport mode trunk
      switchport trunk allowed vlan 2,999
      ip access-group DROP out

Outbound interfaces are set to:

    interface Ethernet1/46
      description MON1
      switchport access vlan 999

The issue is that the traffic coming in is coming from a Juniper switch where the traffic has VLAN tags on the packets.

On Mon, Oct 7, 2019 at 1:07 PM Nick Hilliard <nick@foobar.org> wrote:
> Dovid Bender wrote on 07/10/2019 17:56:
>> We used Cisco in the past. The issue we have is the switches that will mirror to more than one port have fans pushing the heat into the cold aisle. From what I was able to see Cisco does not have any AFO switches that will mirror to more than one port.
>
> um, really? Have you tried disabling mac learning? This will cause all traffic to be unicast flooded to multiple ports.
>
> Nick