Link to home
Start Free TrialLog in
Avatar of ehouser_paralleltech

asked on

Using Switch Port Mirroring and an Uplink Port as a Destination Port

I have three switches connected and tested in two different ways.  The first way is by using a daisy-chain by switch one port G1 to switch 2 G1 then switch 2 using port G2 to switch 3 port G1.  I am referencing port numbers as G1, G2 etc. since they are Gig ports and these switches have 4 gig ports each.  I have a server on switch 1 port 48 in which is the FINAL destination for all traffic from all three switches which is running a call recording application.  So, switch 3 is mirroring transmit and receive source traffic from all ports with a destination of G1 (uplink to switch 2).  Switch 2 is also mirroring all transmit and receive source traffic from all ports and ONLY receive traffic from G2 (uplink to switch 3) with a destination of G1 (uplink to switch 1).  Finally switch 1 mirrors all TX and RX traffic from all ports but ONLY RX traffic from G1 (uplink to switch 2) with a destination of port 48 (recording server).  The problem arises when devices start getting plugged into switch 2 and 3 and all of sudden the switches seem to lose their mind and things just stop communicating.  Such as switches not being able to get to each other, devices on any switch cannot ping devices on switch 1 etc.  ARP tables and MAC forwarding tables look correct but no traffic passes.  Then in time, traffic passes again but soon stops.  It's not until port mirroring across uplinks is turned off is when traffic stablizes.

The other config is to remove daisy-chaining and just plugging in each switch 2 and 3 into switch one but same results.  

Anyone have an idea what would cause this?
Avatar of giltjr
Flag of United States of America image

What kind of switches?  Cisco support RSPAN, remote span.  You setup a VLAN to do this.
Avatar of ehouser_paralleltech


Adtran 1238 48 port switches and cannot mirror VLANS, only ports
Sounds like you are creating a broadcast storm (even though there is no loop) because of the mirroring.  You do not mirror the VLANS but instead use the vlans as a destination.
On these switches mirroring a vlan or even to a vlan is not an option but sounds like a possibility
After re-reading this, I don't think you can do what you want to do.

Uplinks are used to allow "normal" host/device to host/device communications.   Most switches do  not allow "normal" traffic to flow over a port used as a destination port in a mirror.  That is, destination ports for a mirror session ignore/drop any inbound traffic.

So SW3 does not expect, should not allow, inbound traffic on the port it is using as the destination port for its mirror.  However, since SW2 is not using this as a destination port for a mirror session, it sees it as a "normal" port and will send traffic out.  Which SW3 should ignore as this is destination mirror port.
Avatar of ehouser_paralleltech

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I've requested that this question be closed as follows:

Accepted answer: 0 points for ehouser_paralleltech's comment #a39067103

for the following reason:

My own comments were selected as answer as it solved the issue at hand without the assistance from outside comments
Um, so my last post that told you you can use an uplink port as the destination of a mirror port didn't help?  Especially since that it what your solution was.
But your comment was not correct so it is not a solution.  Adtran fully supports using this uplink for mirroring as was described in the original post.  When the switch is not fully populated it passes traffic so by following your comments this should not even work but it does and therefor not a solution.  The "work-around" I found by my own testing along with assistance from the manufacturer's tech support found a fix but ultimately not a solution which should be regularly used.  A chassis based, single backplane switch would be a much better solution.

Again, saying "it will not work" in this case was inaccurate...sorry so the question should in fact be closed as-is and using my explanation as a fix.
O.K. I agree to allow the question to be closed, just a few questions.

Did the vendor explain why it was not working if it is supported?  The answer could help others having the same problem.

Which version of AOS are you running?

Had to go dig up old AOS command guides.  I will say that I made an assumption, which is not good.  When I hear uplink, I think tagged VLAN's.

Adtran does not necessary support "uplink" ports as the destination of a mirror.  They support using a single port as a destination of mirror while still allowing native VLAN (non-tagged) traffic flowing in and out of that port.    This was done so that you could use a port that  your computer was connected to for "normal" LAN use and as a destination for mirror port, at least that is how it was explained to me.

It was not meant to be used on ports that were connected to switches and if  you multiple VLANs, the tagged traffic would stop flowing.  If you used the no-isolate option the mirror command, the native VLAN (un-tagged) traffic would continue to flow.
The answer from tech support was purely traffic volume as an issue.  To address the "support" part, they do in fact support mirrororing to an "uplink".  I am a ATSA, ATSP, ASTP vWLAN, ASP and work very closely with Adtran on issues being a partner with them so I am very familiar wit htheir products.  The original question wasn't so much directed to a specific vendor as I am aware of the other vendors support of this and what their options are such as RSPAN etc. I was originally only curious as to what would be a ROOT cause of a switch to cause such a thing.

For example, the original design of this (and yes, it was very much opposed by me just because of the obvious port traffic volume issue which again was the issue), the desire of failover was requested.  So, the switches were daisey-chained together and then each switch was linked into the production network.  A laptop was connected to any switch, PINGed a device on the the network NOT attached to these switches, the first packet was missed (ARP request and always first packet missed) second and MAYBE third packet received and then nothing.  The cause....the ARP was mirrored and then each switch thought to get to the device was each other, never leaving the 3 switches.  So, the second network uplink was removed taking away redundancy, same issue, ARP again was the culprit.  Then we mirrored ONLY RX traffic from each downstream switch...problem solved.  Now traffic flowed normally which leads to the fact they support this.  

The ultimate solution was to dedicate an uplink port on each switch as a destination as well as a traffic only uplink.  On the core switch, you then change the source port from the uplink to the "monitor uplink" this would alleviate traffic volume issues.

BUT, to address your above statement, we have it in our lab, multiple VLANS, daisey-chained, doing port mirroring accross the TRUE uplinks and traffic still flows between VLANS so yes, in fact it DOES actually work but as soon as you increase the traffic, it's just too much and will eventually will stop.  We did packet capturing and was able to actually see this happening.