Port mirroring on VSF
01-03-2019 02:23 AM
If i have a local mirror configured for a VLAN on a VSF 5400 Core stack, should the stack capture all data in the VLAN, independent on where the cable is connected physically?
Since the VSF stack operates as one logical unit.
I have 2 VLANs which i am mirroring, and the SVI for VLAN A is terminated on the firewall but i see a fair amount of traffic in the mirror. VLAN B though doesn't give me much data, whilst the SVI is also terminated on the firewall.
I am wondering if i am fully capturing all data in VLAN B, although most of the data for VLAN B will traverse the physical core1 i guess, and not physical core2 to which the mirror destination is attached.
Any ideas? Can't seem to find the scoop on mirroring in combination with VSF.
Re: Port mirroring on VSF
01-03-2019 08:38 AM - edited 01-03-2019 08:39 AM
Port mirroring should work normally on a VSF fabric of either 5400Rs or 2930Fs, with the caveat that VSF links must be of sufficient bandwidth to carry both normal traffic between VSF members and the traffic being mirrored, if the monitor and destination ports are on different members.
Have you tested mirroring the traffic for VLAN B to a destination port on both the member where the traffic is originating as well as the opposite member, and compared the two to check for any signs that mirrored traffic is being lost?