Re: [nanog] Re: Switch designed for mirroring tap ports

[David LaPorte <david_laporte () harvard edu>]

We're doing something similar - VACLs (using the "redirect" action) with
port-channel destinations on a span aggregation 650x.  If you've got a
spare 650x chassis lying around and your configuration requirements
aren't terribly complex/dynamic, you can do monitoring with filtering
and load-balancing at high-throughput on it.

On 03/01/12 06:03, David Swafford wrote:
> Take a look at VACLs on the Cat side.  It has a capture feature that is
> effectively the same as a local SPAN, but without the 2 session limit. If
> you do a lot of RSPAN though, this wouldn't be your complete answer (VACL
> captures are local only).  VACLs are a bit more granular in defining what's
> captured, if say for example you only wanted traffic destined to TCP/80,
> you could configure it that way.
>
> David.
>
>
> On Thu, Mar 1, 2012 at 5:52 AM, Terry Baranski <
> terry.baranski.list () gmail com> wrote:
>
> > On Mar 1, 2012, at 02:13 AM, apishdadi () gmail com wrote:
> >
> > > Hello All,
> > >
> > > We are looking for a switch or a device that we can use for mirroring
> > > tap ports. For example , take a mirror port off of a core router say
> > > a 6509, connect it to a port on said device, say port 1. I would like
> > > then to be able to mirror port 1 on said device to multiple ports,
> > > like port 2 , 3, 4. We have the need to analyze traffic from one port
> > > on multiple devices. Seems most switches are limited to mirroring to a
> > > max of 1 or 2 ports.
> >
> > We like Gigamon for this purpose.
> >
> > -Terry