Port mirroring on GX-20

SOLVED
Raz

I would like to be able to attach my IDS sensor directly to one of the ports of my GX-20 so I can mirror the traffic from port 1, where I have the GR-10 AP attached. 

1 ACCEPTED SOLUTION
hidden0
Meraki Alumni (Retired)

Hello @Raz

I respect what you are trying to do and encourage your project. That being said, port mirroring capability on the GX20 is currently not an available feature, and would not be an ideal task for a firewall to perform. Typically, this behavior is configured on a switch. The GX20 performance would suffer significantly if it were to copy every frame to a mirror destination, and most firewalls try to handle IDS themselves instead of copying the frames elsewhere for inspection (or perhaps there is an inline IDS filter).

The GS product line of switches also does not support port mirroring.

Instead of mirroring traffic, is it possible that your IDS use more than one interface and bridge the traffic between them? This would allow the traffic to pass through the IDS filter CPU for inspection, and still make it from say the access point up to the GX20.
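
The inline bridge suggested in the answer above, sketched for a Linux IDS host with two spare NICs. This is an added example, not part of hidden0's post or any Meraki tooling; the interface names `eth1` (AP side), `eth2` (GX-20 side) and the bridge name `br0` are assumptions.

```sh
#!/bin/sh
# Added example: plan a transparent layer-2 bridge so frames between the AP
# and the firewall pass through the IDS host.
# Assumed names (not from the thread): eth1 = AP side, eth2 = GX-20 side.

# Print the commands that build the bridge. Nothing is executed here, so the
# plan can be reviewed before it touches the network.
bridge_plan() {
    ap_if=$1; fw_if=$2; br=$3
    # Two distinct member ports and a bridge name are required; a port
    # bridged to itself would pass no traffic.
    if [ -z "$ap_if" ] || [ -z "$fw_if" ] || [ -z "$br" ] ||
       [ "$ap_if" = "$fw_if" ]; then
        echo "usage: bridge_plan <ap_if> <fw_if> <bridge>" >&2
        return 1
    fi
    echo "ip link add name $br type bridge"
    for ifc in "$ap_if" "$fw_if"; do
        # No IP address on member ports: the sensor stays silent at layer 3.
        echo "ip addr flush dev $ifc"
        # Receive offloads merge segments, so the IDS would not see the
        # frames as they appeared on the wire.
        echo "ethtool -K $ifc gro off lro off"
        echo "ip link set dev $ifc master $br"
        echo "ip link set dev $ifc up"
    done
    echo "ip link set dev $br up"
}
```

Review the output of `bridge_plan eth1 eth2 br0`, run it as root, and point the IDS capture at `br0`. Unlike a mirror port, this path is inline: if the IDS host is powered off or the bridge is down, the AP loses its uplink to the GX-20.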


2 REPLIES 2
Hello @hidden0

Thanks for the reply!

> The GS product line of switches also does not support port mirroring.

😞 That's a bummer. I was actually planning to toss in a GS between AP and GX, but now I am considering another piece of equipment - maybe a Ubiquiti or a MikroTik - and I would like to know how this will affect my experience inside the app.

Thanks for the suggestion about the IDS - it is definitely a solution - but right now it would be too much of an investment for my setup (home network with WFH environment).