y0ukn0w
Aug 12, 2022 (Aspirant)
MS510TXPP port mirroring question
Hello and good morning/afternoon/evening!
I have a MS510TXPP in which I'm trying to port mirror the max amount of eight ports (1-8) through Port 9 over to a server.
Ports 1 and 2 are part of an LACP LAG that runs to a pfSense box which goes to the WAN.
My goal is to port mirror all traffic to my ESXi server that's connected to Port 9 and from there I am going to run Security Onion.
I'm in the process of troubleshooting but want to verify how to properly set up the switch to port mirror the traffic.
It is allowing me to select ports one and two, which again are part of the LACP LAG, along with ports 3 through 8.
I have it set up to transmit and receive data (tx & rx) ports 1-8 thru port 9.
Will this work or is there a limitation to this switch? I've seen other Netgear switches do LAG port mirroring, so wasn't sure.
Thanks
2 Replies
Can't see anything wrong - permitting the Onion adapter and Ethernet link have more bandwidth available than the two aggregated router ports.
- y0ukn0w (Aspirant): So, it is all working as it should.
Port 9 is running at 10Gbps and my LAG doesn't exceed 2Gbps, so my port mirroring of 1-8 ports is passing all traffic without dropped packets.
So if anyone else is looking to port mirror over to an ESXi server, Netgear makes it pretty simple. Each port, even if they're in a LAG group, actually gets mirrored individually. Now you may ask, could this mess up because of the LAG assignment? Apparently not.
As for the issue I found, it was related to how you pass thru the mirroring traffic to a VM within ESXi.
Make a dedicated v-switch and port group for the vmnic assigned to the physical NIC which is receiving the port mirroring data. Set both the v-switch and port group to have promiscuous mode on. Then on the port group assign a VLAN of 4095.
After this, assign Security Onion's monitor NIC to this newly created port group.
You should be good.
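The ESXi steps described in the reply above, written out as `esxcli` commands for a standard vSwitch. This is an added example, not part of the original post; the names `vSwitchMirror`, `vmnic1` and `SPAN-Monitor` are assumptions, and with `DRY_RUN` left at its default the script only prints the commands.

```shell
#!/bin/sh
# Added example: ESXi standard vSwitch + port group for a mirror (SPAN) feed.
# vSwitchMirror, vmnic1 and SPAN-Monitor are assumed names, not from the post.
# DRY_RUN=1 (default) prints the esxcli commands; DRY_RUN=0 executes them.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

mirror_setup() {
    vsw=$1; nic=$2; pg=$3
    # Reject empty names and anything outside a conservative character set.
    for v in "$vsw" "$nic" "$pg"; do
        case $v in
            ''|*[!A-Za-z0-9_-]*) echo "invalid name: '$v'" >&2; return 2 ;;
        esac
    done
    case $nic in
        vmnic[0-9]*) ;;
        *) echo "uplink must be a physical vmnicN" >&2; return 2 ;;
    esac

    ns="esxcli network vswitch standard"
    # 1. Dedicated vSwitch whose only uplink is the NIC cabled to the mirror port.
    run $ns add --vswitch-name="$vsw" &&
    run $ns uplink add --uplink-name="$nic" --vswitch-name="$vsw" &&
    # 2. Promiscuous mode on the vSwitch and on the port group.
    run $ns policy security set --vswitch-name="$vsw" --allow-promiscuous=true &&
    run $ns portgroup add --portgroup-name="$pg" --vswitch-name="$vsw" &&
    run $ns portgroup policy security set --portgroup-name="$pg" \
        --allow-promiscuous=true &&
    # 3. VLAN 4095 hands every VLAN to the guest with its tag intact.
    run $ns portgroup set --portgroup-name="$pg" --vlan-id=4095
}

# Usage: sh mirror.sh vSwitchMirror vmnic1 SPAN-Monitor   (dry run)
if [ "$#" -ge 3 ]; then mirror_setup "$1" "$2" "$3"; fi
```

Once the port group exists, attach the Security Onion monitor NIC to it as the post describes.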