nanog mailing list archives

Re: Poor mans TAP

From: Dovid Bender <dovid () telecurve com>
Date: Mon, 7 Oct 2019 13:10:03 -0400

Yup, Tried that. Incoming interface is set as:
interface Ethernet1/37
  switchport mac-learn disable
  description tor-31-1 ge-0/0/44 SPAN
  switchport mode trunk
  switchport trunk allowed vlan 2,999
  ip access-group DROP out

Outbound interfaces are set to:

interface Ethernet1/46
  description MON1
  switchport access vlan 999

The issue is that the traffic coming in, is coming from a Juniper switch
where the traffic has vlan tags on the packets.


On Mon, Oct 7, 2019 at 1:07 PM Nick Hilliard <nick () foobar org> wrote:

Dovid Bender wrote on 07/10/2019 17:56:

We used cisco in the past. The issue we have is the switches that will
mirror to more than one port  have fans pushing the heat into the cold
isle. From what I was able to see Cisco does not have any AFO switches
that will mirror to more than one port.


um, really?  Have you tried disabling mac learning?  This will cause all
traffic to be unicast flooded to multiple ports.

Nick

Current thread:

Poor mans TAP Dovid Bender (Oct 07)
- RE: Poor mans TAP Kevin Burke (Oct 07)
- <Possible follow-ups>
- Re: Poor mans TAP John Kristoff (Oct 07)
  - RE: Poor mans TAP Ray Orsini (Oct 07)
  - Re: Poor mans TAP Dovid Bender (Oct 07)
    - Re: Poor mans TAP Nick Hilliard (Oct 07)
    - Re: Poor mans TAP Dovid Bender (Oct 07)
    - Re: Poor mans TAP Nick Hilliard (Oct 07)