Meraki Community

FraDoo · ‎Feb 24 2021

Hi all,

We have a MS425 stack with 6 switches.

We enabled a port mirror on 1 port to 1 destination port. After enabling a second port to this destination. VLAN mismatches appear on other switches in the stack.

There is nothing connected to this port, but it shows the switch connected to the source port of the mirror

Switches are on 12.33 firmware, but I had the same behaviour on lower firmwares 2

When enabling more mirror ports, the same happens to more ports on different switches ...

PhilipDAth · ‎Feb 24 2021

That's interesting. It had never occurred to me to try and mirror two source ports to the same destination port. I just assumed this was not a valid config. But that was a pure assumption.

It is also not obvious to me that your assumption that this is a valid case is also correct.

Could you open a case with support and case them if this is valid, and them come back and let everyone know?

FraDoo · ‎Feb 24 2021

I opened a support case. First step was to upgrade to the latest firmware 🙂 That did not help.

Having multiple source ports sending traffic to the same port (Meraki supports only 1 destination port, aggregate ports are also not supported as source port) is the only way to capture traffic for Cisco Stealthwatch or Darktrace analysis.

Is anyone els using Stealthwatch or Darktrace with Meraki MS425 stacks?

PhilipDAth · ‎Feb 25 2021

You could use multiple StealthWatch probes.

I haven't done it for a while, but last time I used MXs and NetFlow.

Meraki Community

Port Mirror on a MS425 Stack

Port Mirror on a MS425 Stack