Poor man's TAP

I don't know if it still works on modern switches, but many years ago I
was able to have Cisco LAN switches configured such that a single L2
MAC address could be statically associated with multiple interfaces
(i.e. router interface). This made it possible to duplicate all
traffic destined to one station to appear on two (maybe more?) ports.
You might try this also if you have an unused and available switch.

John

Most smart switches do port mirroring. But I've had the predecessor to that tap for a few years. It has always worked well.

Ray Orsini
Chief Executive Officer
OIT, LLC
305.967.6756 x1009 | 305.571.6272
ray@oit.co | www.oit.co
oit.co/ray

John,

We used Cisco in the past. The issue we have is that the switches that will mirror to more than one port have fans pushing the heat into the cold aisle. From what I was able to see, Cisco does not have any AFO switches that will mirror to more than one port.

Um, really? Have you tried disabling MAC learning? This will cause all traffic to be unicast flooded to multiple ports.

Nick

Yup, tried that. Incoming interface is set as:

interface Ethernet1/37
  switchport mac-learn disable
  description tor-31-1 ge-0/0/44 SPAN
  switchport mode trunk
  switchport trunk allowed vlan 2,999
  ip access-group DROP out

Outbound interfaces are set to:

interface Ethernet1/46
  description MON1
  switchport access vlan 999

The issue is that the traffic coming in is coming from a Juniper switch where the traffic has VLAN tags on the packets.

You might want to disable it on the entire VLAN.

Nick