Wired Intelligent Edge

 View Only
last person joined: 3 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Mirror port only receiving a fraction of what it should

This thread has been viewed 2 times

  • 1.  Mirror port only receiving a fraction of what it should

    Posted 10 days ago

    Hello Team!

    I am facing what I believe is an issue. I have a 6200F 24 ports (+4 SFP+) with AOS-CX 10.13.1000 and configured port mirroring to 1/1/26 and 1/1/28 (SFP+). All other ports are configured as sources.

    aruba6200(config-if)# show mirror 1
     Mirror Session: 1
     Admin Status: enable
     Operation Status: enabled
     Comment: SPAN port for Armis
     Source: vlan rx none
     Source: vlan tx none
     Source: interface 1/1/1 both
     Source: interface 1/1/2 both
     Source: interface 1/1/3 both
     Source: interface 1/1/4 both
     Source: interface 1/1/5 both
     Source: interface 1/1/6 both
     Source: interface 1/1/8 both
     Source: interface 1/1/10 both
     Source: interface 1/1/11 both
     Source: interface 1/1/13 both
     Source: interface 1/1/14 both
     Source: interface 1/1/15 both
     Source: interface 1/1/16 both
     Source: interface 1/1/17 both
     Source: interface 1/1/18 both
     Source: interface 1/1/19 both
     Source: interface 1/1/20 both
     Source: interface 1/1/21 both
     Source: interface 1/1/22 both
     Source: interface 1/1/23 both
     Source: interface 1/1/24 both
     Source: interface 1/1/25 both
     Source: interface 1/1/27 both
     Source: interface lag1 both
     Destination: interface 1/1/26,1/1/28

    The issue is that the destination ports are only seeing a fraction of the traffic, as confirmed by comparing the port statistics on the switch itself and watching at the receiving end, which is an Armis Collector on vSphere (virtual distributed switch). The link is between the switch and an ESXi port, not a physical switch. 

    sFlow is disabled on all ports.

    I tried the following without luck.

    • Setting the physical NIC on ESXi in direct access mode.
    • Changing the destination ports, including from SFP+ to regular gigabit ethernet.
    • Changing cables.
    • Having only one source port.
    • Running Wireshark as the destination. I am not a pro with this fish, but I see that traffic is incomplete.
    • Using VLANs instead if interfaces (I have 8 VLANs)
    • Using VLANs and interfaces simultaneously
    • Adjusting the MTU to Jumbo Frames.

    In all cases, only a subset of the data makes it through. There are no dropped packets on any involved interfaces.

    What am I missing?

    Thanks in advance!

    Fred