- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: mirror-port sees half of traffic as vlan tagge...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-02-2016 03:36 PM
05-02-2016 03:36 PM
I am trying to use a mirror-port on an HP 2530, but half the mirrored traffic is vlan tagged and I'm trying to determine if I can avoid this. I'm wondering if anybody knows if that is possible. The documentation seems inaccurate, and I don't really trust it.
It is a very simple mirror-port configuration, where I am monitoring a single interface which has a single untagged vlan. The mirror-port has a different untagged vlan on it. There are no tagged vlan ports anywhere on the switch.
When looking at traffic on the mirror-port, all the ingress traffic to the monitor port is untagged, but all egress traffic from the monitor port is tagged.
I've tried a number of variations. For example, making the mirror-port untagged on the same vlan as the monitor port. I have not seen any change in behavior. I also tried booting into YA.15.x firmware.
release #YA.16.01.0004
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2016 07:48 AM
05-04-2016 07:48 AM
Re: mirror-port sees half of traffic as vlan tagged
I should add the device connected to the mirror-port is a Linux box. Here are a couple of packets from tcpdump that show the issue. The monitored port is connected directly to the 10.10.255.1 device. The packet leaving the monitored port arrives to my Linux box as vlan tagged (ethertype 802.1Q (0x8100)). The packet arriving at the monitored port is not vlan tagged (ethertype IPv4 (0x0800))
16:27:01.721917 f0:9c:e9:a6:8c:80 > b4:0c:25:4b:1c:10, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 10.10.255.109 > 10.10.255.1: ICMP echo request, id 25693, seq 0, length 64
16:27:01.722912 b4:0c:25:4b:1c:10 > f0:9c:e9:a6:8c:80, ethertype IPv4 (0x0800), length 98: 10.10.255.1 > 10.10.255.109: ICMP echo reply, id 25693, seq 0, length 64
Has anybody else seen behavior like this? The older switches I replaced with the 2530s did not act this way.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2016 11:21 AM
05-04-2016 11:21 AM
Re: mirror-port sees half of traffic as vlan tagged
48 port variety of 2530? I was able to reproduce, am investigating.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2016 12:41 PM
05-04-2016 12:41 PM
Re: mirror-port sees half of traffic as vlan tagged
Thanks Michael. It is a 24 port model. J9776A 2530-24G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2016 07:50 AM
05-05-2016 07:50 AM
Re: mirror-port sees half of traffic as vlan tagged
I was able to test a 2824 and a 3400cl, and they both exhibited the same behavior of half the traffic being vlan-tagged. The 2524 I am replacing with the 2530 did not tag any packets to the mirror port.
This leads me to believe this is intended behavior and is not a change nor a bug. It still seems strange to me.
The line in the documentation I keep staring at trying to see if I can change the egress traffic vlan tagging hasn't helped me
egress mirroring does not reflect the tagged or untagged
characteristic to the mirror port, instead it reflects the tagged or untagged characteristic of the
mirror port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2016 12:59 PM
05-05-2016 12:59 PM
Re: mirror-port sees half of traffic as vlan tagged
After rethinking this issue:
If you want to mirror a port having multiple VLANs....there's no other way than to keep the tags
- Tags:
- mirror
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2016 02:36 PM
05-05-2016 02:36 PM
Re: mirror-port sees half of traffic as vlan tagged
The problem is the monitored port does not have multiple VLANs. Every port on the switch has a single untagged VLAN associated with it.
In other words, traffic never arrives at the switch tagged or leaves the switch tagged. However, the mirror-port is sent tagged packets.
My conclusion at this point is that this is simply how the mirror-port is implemented.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2016 06:19 PM
05-05-2016 06:19 PM
Re: mirror-port sees half of traffic as vlan tagged
My understanding is that when *we* talk about traffic being "tagged" or "untagged" we are always talking about the frame format being implemented on a switchport.
Switches need to know what VLAN every single frame belongs to, independently of whether that frame arrived with a tag or not, and independently of whether the outgoing switchport is going to tag it or not.
So, internally and independently of any switchport, each frame is tagged by the switch when it is being switched.
Normally, you don't see these tags, but I wouldn't be surprised that some switches show slightly different behaviour around this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2016 08:33 PM
05-05-2016 08:33 PM
SolutionSpoke with one of our developers for this product and it appears to be a quirk of the switch chip when doing egress mirroring. All packets transit the switch with a VLAN tag and it is removed for untagged ports just prior to egressing the swtich. The mirrored copy is happening before that action is performed, so you get the tag in your mirror-port.
There doesn't appear to be anything that can be done in software to fix this behavior. I filed a bug internally to track it while we investigate further but I think this may just be how it works...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2016 08:37 AM
05-06-2016 08:37 AM
Re: mirror-port sees half of traffic as vlan tagged
Thanks guys, I truly appreciate the assistance and insight. It does seem like this is just how it works. It would be a nice-to-have if this was configurable, and the documentation could be made clearer.