- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Port Mirror on a MS425 Stack
Hi all,
We have a MS425 stack with 6 switches.
We enabled a port mirror on 1 port to 1 destination port. After enabling a second port to this destination. VLAN mismatches appear on other switches in the stack.
There is nothing connected to this port, but it shows the switch connected to the source port of the mirror
Switches are on 12.33 firmware, but I had the same behaviour on lower firmwares 2
When enabling more mirror ports, the same happens to more ports on different switches ...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's interesting. It had never occurred to me to try and mirror two source ports to the same destination port. I just assumed this was not a valid config. But that was a pure assumption.
It is also not obvious to me that your assumption that this is a valid case is also correct.
Could you open a case with support and case them if this is valid, and them come back and let everyone know?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I opened a support case. First step was to upgrade to the latest firmware 🙂 That did not help.
Having multiple source ports sending traffic to the same port (Meraki supports only 1 destination port, aggregate ports are also not supported as source port) is the only way to capture traffic for Cisco Stealthwatch or Darktrace analysis.
Is anyone els using Stealthwatch or Darktrace with Meraki MS425 stacks?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could use multiple StealthWatch probes.
I haven't done it for a while, but last time I used MXs and NetFlow.