I would like to implement a similar solution as depicted in the below diagram (Adtran's sample network). This would be my final configuration setup. However, before I reach this advanced phase, there are some issues we are experiencing on a very simple setup that closely matches the diagram below.
- Port Mirroring all switch ports.
- We are implementing (installing) an IDS / IPS appliance in the network that needs to capture all of the traffic from all of the switch ports. So we would like to Port Mirror (RSPAN, SPAN or Monitor Session) on all of the switch ports and direct this to a port on the NetVanta 1550-24 switch where the IDS/IPS appliance would be connected.
- LACP / Link Aggregation.
- Once port mirroring and capturing works, we would like to then add the LACP configuration to the switches.
- In essence, the final configuration should support capturing all the traffic from all the switch ports (using Adtran's Port Mirroring feature, Monitor Session) to the UpStream / Core switch, where an appliance will be placed that is capturing and analyzing this activity. Once this main feature is up and running properly, then add Link Aggregation (LACP) in the mix, with the final network almost looking and working as depicted in the above diagram.
Our Adtran NetVanta switches are arranged physically and logically as shown above. However, there is NO LACP / Link Aggregation currently running on any of the switches. Additionally, our upstream switch is a NetVanta 1550-24 and the closet switches are two (2) NetVanta 1534 switches. There is NO NetVanta 1534P POE switch in our setup. Just three (3) Adtran NetVanta 1500 series switches altogether. Only a single VLAN is in use i.e., the default VLAN.
So the tasks / objectives are basically two (2) things:-
- Port mirror all switch ports to the NetVanta 1550-24 port where an IDS / IPS will be capturing all the traffic. We have a similar setup at another location, but using Cisco's RSPAN / SPAN technology.
- Once #1 is successful, then try to get LACP working.
Initial Testing in basic setup configuration for Port Mirroring / Monitor Session:-
- Our first test of using the Port Mirroring feature to an Uplink switch / UpStream switch (core switch) was not successful. It worked at the start (the first couple of minutes, about 10 min), then all traffic just stopped. That is, we lost connectivity to the servers and none of the devices were reachable via ping, the client apps didn't see the server, and network drives were no longer accessible.
- Here is what we did to get started with the setup/testing:-
- Activated Port Mirroring on only one of the NetVanta 1534 switches (source) and on the NetVanta 1550 switch (destination).
- So we used the CLI command 'monitor session', to port mirror ports 1-23 (Source ports) and made port 24 the destination port.
- On the NetVanta 1550 we port mirrored switch port 24 (uplink port servicing / connected to the NetVanta 1534 switch) as the source, and port mirrored switch port #3 as the destination port.
- This testing was done only with a single-uplink. No LACP.
- Only Single VLAN, VLAN 1
- Using the packet sniffing tool, Wireshark, we saw and confirmed that all traffic on the network was reaching the Upstream / Core switch, i.e. the NetVanta 1550-24 switch.
- However, all traffic / network connectivity was lost by the servers and clients / workstations. Nothing could be reached.
- Once the Adtran switches on which we made the configuration changes were rebooted, all network traffic services were restored and things went back to normal. Pings got through, etc.
- We didn't save the changes made, so we could easily revert if it didn't work.
Our configuration looked like this:-
- On the NetVanta 1534 switch
monitor session 1 source interface gigabit-switchport 0/1 both
monitor session 1 source interface gigabit-switchport 0/2 both
monitor session 1 source interface gigabit-switchport 0/3 both
monitor session 1 source interface gigabit-switchport 0/4 both
monitor session 1 source interface gigabit-switchport 0/5 both
monitor session 1 source interface gigabit-switchport 0/6 both
monitor session 1 source interface gigabit-switchport 0/7 both
monitor session 1 source interface gigabit-switchport 0/8 both
monitor session 1 source interface gigabit-switchport 0/9 both
monitor session 1 source interface gigabit-switchport 0/10 both
monitor session 1 source interface gigabit-switchport 0/11 both
..... continues on until gigabit-switchport 0/23
monitor session 1 destination interface gigabit-switchport 0/24
- On the NetVanta 1550-24 switch
monitor session 1 source interface gigabit-switchport 0/24 both
monitor session 1 destination interface gigabit-switchport 0/3
Problem(s) / Results:-
Traffic just stops after about 10 min or so.
- Why would the Adtran switches just stop passing traffic?
- Is this configuration acceptable or good to do port mirroring and send all traffic to an uplink port?
- In doing some research, someone on another forum says that the Adtran NetVanta can't handle the traffic to an uplink and eventually causes an unintentional network loop. Seems like a reasonable explanation. A workaround was recommended. But I wanted to check here first as the Adtran support is great and the forum members very helpful and insightful.
- Once you can confirm that this basic minimum configuration can work, how can we then add LACP / Link Aggregation to the Adtran switches and still make the Port Mirroring work to an uplink port (and then to the UpStream (/Core) switch)?
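An added sanity check for the two monitor session configurations quoted in the post (editor's example, not the poster's code and not an Adtran tool): it parses the `monitor session` lines, computes how far the single destination port is oversubscribed by the mirrored sources, and flags a destination port that is also the production uplink, since on many switches a mirror destination port stops forwarding normal traffic. The sample configs are constructed here to reproduce the post's 1534 and 1550 setups, and the set of uplink ports is an assumed input.

```python
"""Editor's added example: audit NetVanta-style 'monitor session' lines.
Not from the original poster or from Adtran; the uplink set is assumed."""
import re

LINE_RE = re.compile(
    r"monitor session (\d+) (source|destination) interface (\S+) (\S+)(?: (both|rx|tx))?"
)

# Constructed to match the post: 1534 mirrors 0/1-0/23 into its uplink 0/24.
NV1534_CFG = "\n".join(
    f"monitor session 1 source interface gigabit-switchport 0/{p} both" for p in range(1, 24)
) + "\nmonitor session 1 destination interface gigabit-switchport 0/24"

# Constructed to match the post: 1550 mirrors its uplink 0/24 into port 0/3.
NV1550_CFG = """monitor session 1 source interface gigabit-switchport 0/24 both
monitor session 1 destination interface gigabit-switchport 0/3"""


def parse_monitor_session(cfg: str) -> dict:
    """Return {session_id: {"sources": {port: direction}, "destination": port}}."""
    sessions = {}
    for line in cfg.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines or elisions such as '..... continues'
        sid, kind, _iftype, port, direction = m.groups()
        s = sessions.setdefault(sid, {"sources": {}, "destination": None})
        if kind == "source":
            s["sources"][port] = direction or "both"
        else:
            s["destination"] = port
    return sessions


def audit_session(session: dict, uplink_ports: set, port_speed_mbps: int = 1000) -> list:
    """Return warning strings: oversubscription and destination/uplink conflicts."""
    warnings = []
    dest = session["destination"]
    # Worst case: each 'both' source emits two line rates (rx + tx) of copies,
    # but the destination port can only transmit one line rate.
    load = sum(port_speed_mbps * (2 if d == "both" else 1) for d in session["sources"].values())
    ratio = load / port_speed_mbps
    if ratio > 1:
        warnings.append(f"oversubscribed: up to {ratio:.0f}x the destination line rate")
    if dest in uplink_ports:
        warnings.append(f"destination {dest} is also an uplink carrying production traffic")
    if dest in session["sources"]:
        warnings.append(f"destination {dest} is also listed as a source")
    return warnings


if __name__ == "__main__":
    for name, cfg in (("NetVanta 1534", NV1534_CFG), ("NetVanta 1550-24", NV1550_CFG)):
        for sid, sess in parse_monitor_session(cfg).items():
            print(name, "session", sid, audit_session(sess, {"0/24"}))
```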