anishpeter
asked on
Mirror port of Nortel ERS 8300
I am facing a very strange problem with Nortel ERS 8300 Switch. I am using this command
diag mirror-by-port 2 create in-port 2/46 out-port 2/43 mode both (2/46 is the mirrored port and 2/43 is the monitor port)
When I am connecting to 2/43 to take a tcpdump, I am getting VLAN ID: 4094 in each packet. I found some articles describing it as being for security purposes. But I have to disable this.
Help..
Thanks,
Peter
ASKER
Hi Rick,
I have mostly Cisco experience, and the VLAN on a SPAN port is irrelevant. But I am not sure about Nortel.
And I am mirroring a port, not a VLAN.
Please explain more.
If you put the mirroring port in the same VLAN as the mirrored port I think you should be all set. I believe the 4094 is being assigned if the mirroring port is not in the same VLAN.
You don't want to set the mirroring VLAN in your case.
ASKER
I tried putting the mirroring port and the mirrored port in the same VLAN. Again I am getting a VLAN ID in my mirrored packet. Any idea?
ASKER
Hi..
I found a solution myself. I think this is a property of Nortel 8300 Passport switches. When I am getting mirrored traffic, each packet will have the VLAN ID of the actual packet's destination address. Let's say I am getting a packet from the Internet to one of my internal IP addresses, 192.168.21.199 (in VLAN 21 - User VLAN): the mirrored packet will contain VLAN ID 21. This property is irrespective of the port I am mirroring. Here the port is part of my firewall VLAN (VLAN 105). If I am sending a packet to the Internet, then the destination packet is not part of any VLAN, and VLAN ID: 4094 will be attached to the packet.
Now to my solution - I am now using one of the SFP ports in my SF CPU module, and this port does not have this characteristic.
Thanks,
Peter
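For captures already taken on a monitor port that tags frames as the post above describes (VLAN ID 4094 or 21), the 802.1Q tag can be read and stripped offline. This is an added example, not part of the original thread; the function names are hypothetical and the sample frames and MAC addresses are constructed, not captured from a switch.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def split_vlan_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None if no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vlan_id = tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID
    # Drop the 4 tag bytes (TPID + TCI); the inner EtherType follows the MACs.
    return vlan_id, frame[:12] + frame[16:]

def summarize(frames):
    """Count frames per VLAN ID seen on the monitor port."""
    counts = {}
    for f in frames:
        vid, _ = split_vlan_tag(f)
        counts[vid] = counts.get(vid, 0) + 1
    return counts

# Constructed sample data (assumption: locally administered MACs, dummy payload).
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
PAYLOAD = b"\x45" + b"\x00" * 19  # placeholder for an IPv4 header

def make_frame(vlan_id=None):
    """Build a constructed Ethernet frame, tagged if vlan_id is given."""
    if vlan_id is None:
        return DST + SRC + struct.pack("!H", 0x0800) + PAYLOAD
    return DST + SRC + struct.pack("!HHH", TPID_8021Q, vlan_id, 0x0800) + PAYLOAD

SAMPLES = [make_frame(4094), make_frame(21), make_frame(4094), make_frame()]

if __name__ == "__main__":
    for vid, n in summarize(SAMPLES).items():
        print("untagged" if vid is None else f"VLAN {vid}", n)
```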
Thanks for the update.
ASKER
I have done the workaround as explained in the case notes
mirroring-vlan parameter to match the source VLAN. I don't know if there is any way to set it to none.