Meraki

Community

Port Mirroring on MS Switches

Solved
Atags
Getting noticed
‎Feb 27 2019 11:36 AM
‎Feb 27 2019 11:36 AM

Port Mirroring on MS Switches

Hi,

I have a client that wants to collect internal data on a internal switch stack and mirror that to an security appliance device.

The MS 350 switches are L2 only and are in stacks of 8. Is there anyway to capture most of the switch traffic and mirror it to a security device off the switch in a simple way?

Or do you just have to simply click on all the ports you want (lets say 300 out of the 384 ports possibly in the stack of 8 switches) and click mirror?

Also if doing that, how would the performance/resource CPU impact be on the switch stack as a whole if enabling all of that?

 

Thank you

 

0 Kudos
1 Accepted Solution
In response to jdsilva
Atags
Getting noticed
‎Feb 27 2019 12:31 PM
‎Feb 27 2019 12:31 PM

ok great thank you

View solution in original post

0 Kudos
5 Replies 5
ww
Kind of a big deal
Kind of a big deal
‎Feb 27 2019 11:45 AM
‎Feb 27 2019 11:45 AM

depends if you traffic stays at the stack/vlan or not.  if you know your traffic flows and most traverse to another coreswitch (vlan x to vlan y) or to the cloud you are best of capturing only the uplinks. 

0 Kudos
In response to ww
Atags
Getting noticed
‎Feb 27 2019 11:48 AM
‎Feb 27 2019 11:48 AM

Hi, Yes the traffic would be internal to the stack. Capturing on the trunk links and/or core switch would only show traffic going between floors or inter-vlan traffic.

That i understand, but my question was specifically for the same switch (same floor) traffic.

How to capture all those ports and the impact?

 

Thanks

0 Kudos
In response to Atags
jdsilva
Kind of a big deal
‎Feb 27 2019 12:11 PM
‎Feb 27 2019 12:11 PM

Can you even mirror ~300 ports to a single port? Assuming that this is possible you're almost certainly going to run into bottleneck issues and lose a percentage of mirrored traffic. 

 

If this kind of traffic analysis is required IMO you're better off looking at Gigamon or Netscout or the like for network taps. 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
Atags
Getting noticed
‎Feb 27 2019 12:31 PM
‎Feb 27 2019 12:31 PM

ok great thank you

0 Kudos
bigkeoni64
Here to help
‎Jan 14 2022 4:18 PM
‎Jan 14 2022 4:18 PM

@Atags - so how did things work out on Mirror port for all those switchports, did it affect switch CPU performance. Also is it possible to send stack 1 mirror ports source to another stack member?

 

Anyone if you have experience or knowledge this would be very helpful. I have an 8 stack of Meraki MS225s and I am trying to mirror 48 ports from 1 switch and send them to a designated port on switch stack 2. Therefore, I will have 90 ports mirrored to one port on Stack 1....does that sound doable. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.