[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Poor mans TAP

Subject: Poor mans TAP
From: dovid at telecurve.com (Dovid Bender)
Date: Mon, 7 Oct 2019 13:10:03 -0400
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <CAM3TTh2vyty83sUST3Mhhxbx=KP2DVyb0nkqitqt5ctMNY9xVg@mail.gmail.com> <[email protected]>

Yup, Tried that. Incoming interface is set as:
interface Ethernet1/37
  switchport mac-learn disable
  description tor-31-1 ge-0/0/44 SPAN
  switchport mode trunk
  switchport trunk allowed vlan 2,999
  ip access-group DROP out

Outbound interfaces are set to:

interface Ethernet1/46
  description MON1
  switchport access vlan 999

The issue is that the traffic coming in, is coming from a Juniper switch
where the traffic has vlan tags on the packets.

On Mon, Oct 7, 2019 at 1:07 PM Nick Hilliard <nick at foobar.org> wrote:

> Dovid Bender wrote on 07/10/2019 17:56:
> > We used cisco in the past. The issue we have is the switches that will
> > mirror to more than one port  have fans pushing the heat into the cold
> > isle. From what I was able to see Cisco does not have any AFO switches
> > that will mirror to more than one port.
>
> um, really?  Have you tried disabling mac learning?  This will cause all
> traffic to be unicast flooded to multiple ports.
>
> Nick
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191007/4ccaeb26/attachment.html>

Follow-Ups:
- Poor mans TAP
  - From: nick at foobar.org (Nick Hilliard)

References:
- Poor mans TAP
  - From: jtk at depaul.edu (John Kristoff)
- Poor mans TAP
  - From: dovid at telecurve.com (Dovid Bender)
- Poor mans TAP
  - From: nick at foobar.org (Nick Hilliard)

Prev by Date: Poor mans TAP
Next by Date: dns cache beyond ttl - viasat / exede
Previous by thread: Poor mans TAP
Next by thread: Poor mans TAP
Index(es):
- Date
- Thread