I was faced with the task of mirroring a few untagged ports from Extreme and Huawei switches to one monitoring server. It is a trivial task, but I found an interesting issue.
I mirrored traffic from one or a few untagged ports (for example, in VLAN 100) to another switch (a Cisco Catalyst) and on to the monitoring server. Then I saw only inbound traffic, with the source IP of the client. I saw that all the traffic reached the Cisco Catalyst, but only inbound traffic reached the server. You can see the traffic flows in the diagram below.
The problem was in the mirroring mechanism on the Extreme/Huawei switches. The switch copies an inbound frame BEFORE tagging it, but copies an outbound frame BEFORE stripping the tag. So untagged inbound traffic and tagged outbound traffic are both sent to the mirroring port. The Cisco Catalyst then receives this traffic on a port configured with the “no switchport” option and drops all tagged frames.
To solve this problem, configure the Cisco port as a “switchport”, create VLANs with the same IDs as the VLANs on the monitored ports, and allow these VLANs on the switchport, as you can see below.
In this setup, be careful not to let the monitoring traffic leak to other ports on the Cisco switch.
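To confirm on the monitoring server that both directions arrive after the change, the following added example (not part of the original post) classifies captured Ethernet frames by direction and 802.1Q tagging. The client address, peer address and sample frames are constructed; VLAN 100 is the example VLAN used above.

```python
import struct
from collections import Counter

TPID_8021Q, ETHERTYPE_IPV4 = 0x8100, 0x0800

def parse_frame(frame):
    """Return (vlan_id or None, src_ip, dst_ip) for an IPv4 frame, else None."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:              # 802.1Q tag follows the MACs
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18      # low 12 bits of TCI = VLAN ID
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return None
    src, dst = frame[offset + 12:offset + 16], frame[offset + 16:offset + 20]
    return vlan, ".".join(map(str, src)), ".".join(map(str, dst))

def mirror_summary(frames, client_ip):
    """Count frames per (direction, tagging) relative to the mirrored client."""
    counts = Counter()
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        vlan, src, dst = parsed
        direction = "from_client" if src == client_ip else "to_client" if dst == client_ip else None
        if direction:
            counts[(direction, "untagged" if vlan is None else f"vlan {vlan}")] += 1
    return dict(counts)

def missing_directions(summary):
    """Directions absent from the capture; non-empty means the mirror is one-sided."""
    return sorted({"from_client", "to_client"} - {d for d, _ in summary})

def build_frame(src_ip, dst_ip, vlan=None):
    """Constructed sample frame: zeroed MACs, bare 20-byte IPv4 header."""
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return bytes(12) + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip

CLIENT, PEER = "192.0.2.10", "198.51.100.5"  # constructed addresses
ON_MIRROR_LINK = [build_frame(CLIENT, PEER), build_frame(PEER, CLIENT, vlan=100),
                  build_frame(CLIENT, PEER)]
AT_SERVER = [f for f in ON_MIRROR_LINK if parse_frame(f)[0] is None]  # tagged frames dropped

if __name__ == "__main__":
    print(mirror_summary(ON_MIRROR_LINK, CLIENT), missing_directions(mirror_summary(AT_SERVER, CLIENT)))
```

A non-empty result from `missing_directions` on the server-side capture reproduces the symptom described above: one direction of the mirrored traffic never reaches the server.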