Advanced port mirroring with filtering

Tim Stevenson tstevens at cisco.com
Tue Jul 12 00:36:00 UTC 2005


At 11:49 AM 7/11/2005, Nathan Allen Stratton commented:


>I wanted to ping the list and get some feedback on switches with advanced
>port mirroring with filtering. Right now we are using Cisco 6509s with SUP
>720s in a VoIP application. The routers and switches work well, but we keep
>hitting the wall on port monitoring because Cisco only lets us have two
>monitoring ports.

That is not exactly true - we give you two sessions (in IOS). Each session 
can monitor a number of ports or VLANs and mirror the traffic to one or 
more destination ports, an RSPAN VLAN, or a remote device over GRE using 
ERSPAN. You can configure dot1q trunking on the destination interfaces & 
use allowed vlan lists to create "virtual" VLAN span sessions using a 
single actual session. I can send you a document describing this 
configuration if you like.

>Let's say I have a 32 port switch with all sorts of SIP hardware on it. I
>am looking for a switch that would let me do something like this:
>
>Mirror all POP ISP traffic to NetVMG box
>Mirror all SIP and RTP traffic to VoIP Hammer probe
>Mirror all SIP (5060 65060) traffic to signaling to Ethereal box
>Mirror all RTCP traffic to VoIP quality engine

So you may be able to accomplish what you need using the various SPAN 
session options above.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/span.htm

There is also the VLAN ACL feature which uses the ACL TCAM entries to 
either capture or redirect IP traffic to capture or redirect ports 
respectively.

This is accomplished by configuring a vlan access-map (assuming IOS) to 
match the traffic you want and say whether you want to 
permit/permit+capture/deny/redirect it. Then you tie the access-map to the 
vlan with the vlan filter command.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/vacl.htm

Hope that helps,
Tim


> ><>
>Nathan Stratton                                   BroadVoice, Inc.
>nathan at robotics.net                                 Talk IS Cheap
>http://www.robotics.net                           http://www.broadvoice.com



Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
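
The VACL capture approach described in the reply above, sketched as Catalyst 6500 IOS configuration for the SIP signaling case from the question. This is an added example, not configuration from the original message or from Cisco's documentation; VLAN 100, interface GigabitEthernet3/1 and the names SIP-SIGNALING and VOIP-CAPTURE are assumptions.

```cisco
! Constructed example: VLAN 100, Gi3/1 and the ACL/map names are
! assumptions for illustration, not values from the post.
!
! 1. Match SIP signaling on the two ports listed in the question.
ip access-list extended SIP-SIGNALING
 permit udp any any eq 5060
 permit udp any eq 5060 any
 permit tcp any any eq 5060
 permit tcp any eq 5060 any
 permit udp any any eq 65060
 permit udp any eq 65060 any
!
! 2. Sequence 10: forward SIP normally AND copy it to capture ports
!    (the "permit+capture" case in the message).
vlan access-map VOIP-CAPTURE 10
 match ip address SIP-SIGNALING
 action forward capture
!
! 3. Sequence 20: no match clause, so it matches all remaining
!    traffic and forwards it without capturing. Without this
!    sequence, unmatched IP traffic in the VLAN would be dropped.
vlan access-map VOIP-CAPTURE 20
 action forward
!
! 4. Tie the access-map to the VLAN with the vlan filter command.
vlan filter VOIP-CAPTURE vlan-list 100
!
! 5. Capture port facing the signaling analyzer. The allowed-vlan
!    list limits which VLANs' captured frames leave this port.
interface GigabitEthernet3/1
 description SIP signaling analyzer (Ethereal box)
 switchport
 switchport capture allowed vlan 100
 switchport capture
```

A VACL applies to every packet bridged within or routed through the VLAN, so stage the map on a test VLAN first and confirm it with `show vlan access-map` and `show vlan filter` before attaching it to production voice VLANs.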


