Many-to-Many MS Port Mirroring Solutions

KRobert
Head in the Cloud

Hello MS Community! We recently partnered with a Security MSP and they have supplied us with an appliance that needs to sniff our traffic appliances connected to MS250 switches. During installation, we discovered the Meraki switches only support 1-to-1 or 1-to-many port mirroring switchports. Typically, this MSP appliance would tap into multiple interfaces on a Cisco switch and contain specific VLAN traffic per mirrored port.

 

Example includes:

1-to-1 to port mirror for LAN traffic. 

1-to-1 to port mirror for WAN traffic.

1-to-1 to port mirror for DMZ traffic. 

 

In this example, three sniffing ports on the appliance would connect to three mirror destination ports, which would be mirroring 3 source ports. 

 

Based on Meraki's documentation, this isn't possible, but I was wondering if anyone has had support be able to change this to support multiple 1-to-1 port mirrors or if you had to come up with a solution to work around the issue. Any information would be helpful.

 

Thank you,

CMNO, CCNA R+S
PhilipDAth
Kind of a big deal

Use a trunk port to the MX for as much as possible, and then mirror that to the device.

KRobert
Head in the Cloud

We have two trunk ports on our MX, one for the LAN and one for the DMZs. So this allows us to see the LAN and I could see the appliance viewing the DMZs as well. The problem we are having is with the combo of needing the LAN/WAN together and pointing it back to the single sniff port. Ideally we need two sniff ports on the MS appliance.
CMNO, CCNA R+S
KarstenI
Kind of a big deal

I assume you need to buy a network-Tap.
