Contributor
Posts: 23
Registered: ‎03-19-2013

Transparent hw vlan flooding + L2 ACL mirror

Hello,

We are trying to implement a network monitoring solution. We have a Brocade switch where we receive all traffic from other switches (ADM)... we enabled transparent hw flooding and it works fine for the collectors that run Linux, since those servers are connected to tagged ports and they can understand tagged packets.

However, there is one server which is running Windows, so it needs an access port. We did an L2 access list where we grouped 4 VLANs (4 downlinks) and mirror them to a port, but it doesn't work. We did a Wireshark capture (with Linux) and we see packets coming with 2 802.1q tags. The question is: why am I still receiving tagged packets on an untagged port?

This is my config:

SW1------->(12/1)ADM(2/5)------>windows collector

vlan 2500
untagged ethe 2/5

vlan 4019 name SWPOD1A
untagged ethe 12/1
transparent-hw-flooding

tag-type 9100 ethe 12/1

interface ethernet 2/5
port-name SUPER_AGENT
enable
mac access-group 400 in
spanning-tree protect do-disable
loop-detection shutdown-sending-port

interface ethernet 12/1
port-name 9S_DAC_IXTLA1_052
enable
mac access-group 600 in
mac access-group 400 out
spanning-tree protect do-disable
acl-mirror-port ethernet 2/5
loop-detection shutdown-sending-port
loop-detection

access-list 600 permit any any 4019 etype any mirror
access-list 600 permit any any 4027 etype any mirror
access-list 600 permit any any 4028 etype any mirror
access-list 600 permit any any 4029 etype any mirror
access-list 600 permit any any any etype any
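
To see exactly which tags reach the mirror port, the tag stack of each captured frame can be listed, including the 0x9100 TPID that "tag-type 9100" sets. This is an added example, not part of the original post or any Brocade tooling; the function names, the sample frames and the inner VLAN 100 are constructed for illustration.

```python
import struct

# TPIDs treated as VLAN tags: 0x8100 (802.1Q), 0x88A8 (802.1ad) and
# 0x9100, the value set by "tag-type 9100" in the posted config.
TAG_TPIDS = {0x8100, 0x88A8, 0x9100}

def vlan_stack(frame: bytes):
    """Return ([(tpid, pcp, vid), ...], inner_ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, offset = [], 12            # skip destination and source MAC
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in TAG_TPIDS:
        if len(frame) < offset + 6:  # TPID + TCI + next EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci >> 13, tci & 0x0FFF))  # PCP = top 3 bits, VID = low 12
        offset += 4
        (etype,) = struct.unpack_from("!H", frame, offset)
    return tags, etype

def describe(frame: bytes) -> str:
    """One-line summary of the tag stack, outermost tag first."""
    tags, etype = vlan_stack(frame)
    if not tags:
        return f"untagged, ethertype 0x{etype:04x}"
    stack = " > ".join(f"0x{t:04x} vid {v}" for t, _, v in tags)
    return f"{len(tags)} tag(s): {stack}, ethertype 0x{etype:04x}"

# Constructed sample frames (not taken from the poster's capture).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
PAYLOAD = bytes(46)
UNTAGGED = MACS + struct.pack("!H", 0x0800) + PAYLOAD
DOUBLE = MACS + struct.pack("!HHHHH", 0x9100, 4019, 0x8100, 100, 0x0800) + PAYLOAD

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("double", DOUBLE)):
        print(name, "->", describe(frame))
```

Feeding it the raw bytes of frames captured on the collector port shows whether the outer tag, the inner tag, or both survive the mirror.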
