Wired Intelligent Edge (Campus Switching and Routing)

Contributor II

Port Mirroring Limit on 5412R and 3810M

Hi there,

I saw from the ArubaOS-Switch 16.05 guide that:

Traffic mirroring supports the configuration of port and VLAN interfaces as mirroring sources in up to four mirroring sessions on a switch. Each session can have one or more sources (ports and/or static trunks, a mesh, or a VLAN interface) that monitor traffic entering and/or leaving the switch.


Question 1:

What is the hard limit for a 24/48 ports port mirroring to a single port? Is it 4 ports only?


Question 2:

Does it mean for 5406 and 5412 zl2 series also allows only 4 sessions per chassis? Even though all the line cards are inserted?


Thanks.


Accepted Solutions

Re: Port Mirroring Limit on 5412R and 3810M

Hi,


Thank you for your question. It would be great if you could provide some additional details on the use model. Do you think 4 destinations is not enough? Below I've copied the question and try to provide an answer.


Question 1:

What is the hard limit for a 24/48 ports port mirroring to a single port? Is it 4 ports only?


The 4 ports are related to exit ports. To be honest I don't think there is a hard limit and you're able to add all ports. The only limit you of course always have is the bandwidth of the exit port. If you want to monitor all ports on certain traffic this is also possible with policies. Or you can better monitor uplinks / VLANs.


Question 2:

Does it mean for 5406 and 5412 zl2 series also allows only 4 sessions per chassis? Even though all the line cards are inserted?


You have 4 mirror sessions that can serve as exit ports. There is also an option to set up remote mirror sessions, which can be very nice since you just copy traffic from one switch to another.


Let me know if there are any questions / comments. 


All Replies
New Contributor

Re: Port Mirroring Limit on 5412R and 3810M

Need to delete this post entry

Re: Port Mirroring Limit on 5412R and 3810M

Hi Philip,


If you just want to monitor all traffic on these VLANS and have local mirror (exit) port you can simply use these commands without all the classifications. 


Let's say you need to monitor VLANs 10 and 20, and port 24 on the switch is the port where all the traffic is sent to.


- Configure mirror session (exit):

mirror 1 port 24

- Configure monitor on VLANs:

vlan 10
   monitor all both mirror 1
vlan 20
   monitor all both mirror 1

If I'm correct then this is it. You're done and ready to start monitoring traffic. Be aware that when you monitor complete VLANs that are really busy or have lots of ports on the same switch, and send all of this traffic to one port, you can potentially overload the mirror port.


Regards, Dobias

Contributor I

Re: Port Mirroring Limit on 5412R and 3810M

Hi Dobias,


When is HP going to remove the restriction of using only one static source VLAN in both TX/RX direction?


On Cisco you can enter multiple source VLANs in both directions.


I was hoping I would not have to deal with this restriction now that I have the 5406r zl2/5412r zl2 in place, but it seems that there is still a limitation of only having policy-based mirroring in the inbound direction.


How would I go about requesting such an upgrade to firmware/functionality with HP/Aruba in general?

Contributor I

Re: Port Mirroring Limit on 5412R and 3810M

I want to monitor client traffic. But from more than 4 client VLANs, AND in both RX and TX direction.


I do see the option that you can monitor trunks as a source, but then you would have to copy data incoming on a 10G trunk to an IPS which has only 1G capabilities.


Is there some way to filter traffic based on source ip, where you can have direction both TX and RX? Even when filtering on a trunk, as to not overload the IPS?


Or is it only the classifier based policy, with the RX limitation?

Contributor II

Re: Port Mirroring Limit on 5412R and 3810M

Hi,


You can just create an ACL to filter what traffic you want to be forwarded to the mirror port. This is the output from a 5406zl (old gear).


The help command is very very useful if you don't have the manuals nearby. 


5406zl (config)# int a1 monitor help
Usage: 1) [no] monitor all {in|out|both} mirror {<DestNumber> | <DestName>}
[1-4 | NAME-STR]...
[no] monitor ip access-group <ACL-NAME> <in> mirror
<1-4 | NAME-STR> [1-4 | NAME-STR]...

Description: Monitor traffic on the port.

The network traffic seen by the monitored ports is copied to
the Mirroring Destination to which a network analyzer can be
attached.

Note: When mirroring multiple ports in a busy network,
some frames may not be copied to the mirroring port.

This is an interface context command. It can be entered
in interface context as shown or follow the
'interface [ethernet] <PORT-LIST>' command.

Parameters: o 1-4 - Mirror destination number
o NAME-STR - Friendly name associated with the mirror
destination number.
o ACL-NAME - Standard or Extended Access Control List number.
o <in|out|both> direction of the traffic to be monitored.

You can create extended ACLs to filter through IP addresses or MAC ACLs with this command:


3810M(config)# mac-access-list help
Usage: [no] mac-access-list { standard | extended } <ACL-ID>
mac-access-list resequence <ACL-ID> <Start> <Increment>

Description: Configure a MAC ACL to filter packets based on Ethernet
header information. MAC ACLs can filter based on the
source MAC address, destination MAC address, EtherType, CoS
priority, or VLAN number.

So, summing up, you monitor all the ports where you know the traffic is coming or going and apply the ACL so you only copy traffic from/to the hosts you want to monitor. If I'm not mistaken that should do what you are asking.


FYI, if you monitor all the ports you will probably end up having duplicated traffic.


Aarón
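
Putting Aarón's approach together for the case asked about above (client traffic from a subnet, both directions of the conversation, without feeding a whole 10G trunk to a 1G IPS): the configuration below is an added example written for this thread, not a config posted by anyone in it. Everything in it is assumed: clients in 10.1.10.0/24 on client-facing ports A1-A12, servers reached through static trunk Trk1, port 24 as the 1G exit port toward the IPS, and the ACL name MIRROR-CLIENTS. The `monitor ip access-group ... in mirror` form and the 1-4 session numbers come from the help output quoted above; the CIDR ACE notation and the `;` comment lines follow ArubaOS-Switch conventions as I know them, so check them against your release's guide.

```text
; Added example for ACL-filtered mirroring on ArubaOS-Switch (constructed
; topology, not from the thread): clients 10.1.10.0/24 behind ports A1-A12,
; servers behind static trunk Trk1, 1G exit port 24 toward the IPS.

; 1. Exit (destination) port for mirror session 1 (sessions are numbered 1-4)
mirror 1 port 24

; 2. Extended ACL that selects only the client subnet, covering both halves
;    of a conversation (client -> anywhere, anywhere -> client)
ip access-list extended MIRROR-CLIENTS
   10 permit ip 10.1.10.0/24 any
   20 permit ip any 10.1.10.0/24
   exit

; 3. The ACL monitor only supports the inbound direction, so apply it on every
;    port where the wanted traffic ENTERS the switch:
;    - client-facing ports capture client -> server (what the client sends)
;    - the server trunk captures server -> client (what the client receives)
interface A1-A12
   monitor ip access-group MIRROR-CLIENTS in mirror 1
   exit
interface Trk1
   monitor ip access-group MIRROR-CLIENTS in mirror 1
   exit

; 4. Verify the session and its sources
show monitor
```

Two design points follow from the thread. First, because each direction is captured only where it enters the switch (client ports for one direction, the trunk for the other), a frame is copied once, which avoids the duplicated traffic Aarón warns about when every port is monitored. Second, the ACL limits what is copied but not how much: if the selected client traffic plus the matching return traffic exceeds the 1G exit port, the help text's note applies and frames are silently dropped at the mirror destination, so size the client selection (or the exit port) to the IPS link.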

Contributor I

Re: Port Mirroring Limit on 5412R and 3810M

I understand what you are saying, thanks for the information.


But it would be much more convenient let's say to have the option to supply more than one static VLAN as the source to be mirrored.


I have like 30 client VLANs, and would like to verify traffic going between any one VLAN.


Would I have to input multiple trunk source interfaces as the source?


What would be the effect on the core switch if I monitor this as a source? Any idea what type of CPU/memory this would cost?


The client traffic output wouldn't be that much of course; I'm just worried that I am copying source server and other heavy traffic as well, which the switch has to process via the ACL.
