Hi,
I have a client that wants to collect internal data on an internal switch stack and mirror that to a security appliance device.
The MS 350 switches are L2 only and are in stacks of 8. Is there any way to capture most of the switch traffic and mirror it to a security device off the switch in a simple way?
Or do you just have to simply click on all the ports you want (let's say 300 out of the 384 ports possibly in the stack of 8 switches) and click mirror?
Also if doing that, how would the performance/resource CPU impact be on the switch stack as a whole if enabling all of that?
Thank you
Depends if your traffic stays at the stack/VLAN or not. If you know your traffic flows and most traverse to another core switch (VLAN x to VLAN y) or to the cloud, you are best off capturing only the uplinks.
Hi, yes, the traffic would be internal to the stack. Capturing on the trunk links and/or core switch would only show traffic going between floors or inter-VLAN traffic.
That I understand, but my question was specifically for the same switch (same floor) traffic.
How to capture all those ports and the impact?
Thanks
Can you even mirror ~300 ports to a single port? Assuming that this is possible you're almost certainly going to run into bottleneck issues and lose a percentage of mirrored traffic.
If this kind of traffic analysis is required IMO you're better off looking at Gigamon or Netscout or the like for network taps.
OK, great, thank you.
@Atags - so how did things work out on Mirror port for all those switchports? Did it affect switch CPU performance? Also, is it possible to send stack 1 mirror ports source to another stack member?
Anyone, if you have experience or knowledge, this would be very helpful. I have an 8 stack of Meraki MS225s and I am trying to mirror 48 ports from 1 switch and send them to a designated port on switch stack 2. Therefore, I will have 90 ports mirrored to one port on Stack 1... does that sound doable?