Add VM to a Port Mirroring Session

Similar Messages

• Managing vDS Port Mirroring Sessions

  When using vDS port mirroring, you can only select groups of Vms by ports, not by other groupings such as virtual machine folders, clusters, hosts, etc.  This means that although you can set up a port mirroring session to take a set of existing VMs and mirror their traffic to a collector, vCenter doesn't automatically add new VMs in the same folder as those existing VMs to the session.  YOu can specify a range of vDS ports to mirror, but you don't know what port numbers will be assigned new VMs when they are created.  If you want to mirror all VMs for a group of VMs belonging to one department or one customer, and have all new VMs belonging to that department or customer added to the mirroring session, what is the best way to do this?

  Does this mean that mirrored traffic will leave the ESXi management vmkernel port?
  That appears to be the case, and is the only way that makes sense to me. I mean you need some independent existing IP stack to transport the encapsulated traffic.
  This is also suggested by this article:
  http://www.routereflector.com/2014/07/port-mirroring-on-vmware-vswitchdvswitch-dvmirror/

• Why does my sg 200 keeps changing port mirror destination to g1

  On my sg 200-8 I have 1 port mirror session, with destination set to g4. If I disable, then enable, it changes the port to g1 and g4 is not among the ones I can choose. How do I re-enable it, without having to delete it and create a new one. And why does it keep changing it to g1?

  Thanks Thomas. I think I was looking at it wrong regarding the SG switch saying that access mode ports do not tag traffic. It looks like it's from the viewpoint of how the ingress traffic looks. So, a port in access mode assumes that traffic coming in is untagged. Once that traffic ingresses into the port it is then tagged with the VLAN specified for that port. Does this sound right? It's just confusing how the SG switches describe the access mode ports as the PVID being untagged, when it actually is being tagged after data ingresses into the port.
  By the way, the layer 3 device is an ASA 5510, which is also performing DHCP for the VLAN.
  As you mentioned, I think my core issue is the upstream trunking configuration, which I'm looking into.
  Thanks for your help,
  Logan

• VDS Port Mirroring

  I am mirroring traffic from virtual machine A on a VDS.  It is mirroring traffic to a physical server somewhere else across the datacenter.  As always, I also have a vmkernel port used for ESXi management traffic. When I create a vDS Port mirroring session - what interface does the mirrored traffic leave ESXi on?  The ESXi vmkernel management port, or just the same virtual switch port that virtual machine A is on?  Do port mirroring sessions send any data on the vmkernel management port at all?

  Does this mean that mirrored traffic will leave the ESXi management vmkernel port?
  That appears to be the case, and is the only way that makes sense to me. I mean you need some independent existing IP stack to transport the encapsulated traffic.
  This is also suggested by this article:
  http://www.routereflector.com/2014/07/port-mirroring-on-vmware-vswitchdvswitch-dvmirror/

• Port Mirroring SRW2048

  Hello,
  Does anybody know the specifications about port mirroring funcionality for Cisco SRW2048 48-Port Gigabit Switch?
  I need to know about:
  1.- Is there any limit in port mirroring sessions?
  2.- Can one target port receive traffic from multiple ports?

  Hi Dave,
  Thanks for your answer, of course I understand I can't have 4 Gbps out of the egress port, bust sometimes we know that even when the link is 1 Gbps the traffic is not going to fill that bandwidht.
  Regarding the sessions question, I understand by your response you can have:
  Source Port    Type                      Target port
  g1                           Rxonly                   g3
  g2                           Rxonly                   g3
  g4                           Rxonly                   g6
  g5                           Both                      g6
  Can you confirm this?
  We are evaluating to propose this switch to a customer and we need to have this feature.
  If there isn't any limitation in mirroring traffic, except logical bandwith capabilities, then I can't understand why Catalyst 2960 have a limitation to one or two monitor sessions ... The catalyst are suposed to be better switches ......
  Best Regards

• SGE2000P 24 ports - Port Mirroring limitation

  Hi everybody,
  I need to setup port mirroring on several ports on a SGE2000P 24 port switch.
  I easily managed to setup 1 session (1 target port) listening to 8 ports (source ports) but it seems like I can't add any more port.
  Line No.
  Error Type
  Value
  Diagnostic
  1
  Unknown value
  Too many monitoring sessions..
  I went through the switch documentation and I could not find any information regarding limitations on the number of mirrored ports.
  Is anyone aware and can confirm this limit?
  If this is the case, is it possible to setup more than one session (target port)?
  Thank you,
  Roberto

  These switches only support 1 session only with 8 source ports to 1 destination port.
  Best Regards,

• Cat 3750-Span (Port Mirroring issue)

  Hello team
  I am facing port mirroring issue in my setup. Details of the setup are mentioned below
  Setup--
  Stack of 4 catalyst switches WS-C3750X-48P running software 15.0(1) SE3 .Approximately 12 vlans are configured in this setup and port mirroring is done for all vlans with destination configured as single Gig Ethernet port...The setup works fine from mirroring perspective for 3-4 days and after that machine connected to destination port stops getting data.
  Observations-
  It has been observed that during the issue, the port configured for mirror destination has lot of packet drop/input errors on the port statistics.
  If we configure only TX packet mirroring, it works for 8 -10 days
  If we configure TX & RX packet mirroring, it works for 2-3 days
  Testing done
  Tried clearing counter on destination port but no success (mirroring doesn’t start)
  Tried  shut /no shut for the destination port but no success.
  Tried restarting the machine connected to destination port but no success
  Workaround
  We need to reconfigure the mirroring configuration after removing the mirroring config from the switch. Once the same is done, mirroring starts working.
  Want to understand
  1-is there any HW limitation for the switch (destination port not capable of handling mirroring traffic)
  2-is there any software related issue?
  3-what can be permanent resolution for the same..

  Hello
  We have tried this previously but found same result.
  1- we deleted the monitror session and recreated again with same session number
  2-we deleted the monitor session and created new session (session id diffrent ) with same config..
  in both cases its working for 3-4 days..

• Mirror and Witness Connection in a Disconnected state immediately after adding Witness Server to Mirror session.

  After adding the Witness Server to the Mirror session, the Witness Connection state between the Mirror and Witness Connection is Disconnected and the state between Principal and Witness Connection is Connected.
  The procedures defined in Books Online was used to setup Database Mirroring...when the Witness server was added to the Mirror session, only the alter database T-SQL statement was executed on the Principal server.
  ALTER DATABASE <db_name> SET WITNESS = 'TCP://<servername>:<port>'
  After executing the above statement, a few seconds later the state between Principal and Witness Connection changed to Connected and the state between Mirror and Witness Connection remains Disconnected.
  The Mirror session is not using Certificates, every server is on the same domain, using the same domain login account, and all servers have SP2 installed running Enterprise Edition.
  Any idea's why the state between Mirror and Witness Connection remains Disconnected?
  Thanks,

  I have the same problem.  All 3 servers are on a workgroup and I'm using certificates. All three servers are connected via  switch.  This is a test environment, with the principal server being a 64 bit OS with Windows Server 2003 R2 with SQL Server standard x64, the witness server is a Windows server 2003 SP2 x32 with SQL Server Express, and the mirror is Windows XP x32 with Sql Server Standard. Using hard coded static IP addresses (FQDN makes no difference, and they get resolved to IP addresses anyway!).  The mirror server log shows
  'The server instance Witness rejected configure request, read its error log file for more information
  but of course there are no errors logged on the witness server - not by SQL, nor in the event log.  When the witness is set on the princial server, the Database mirroring monitor shows almost immediately that the witness and prinicapl servers are connected, but it takes quite a few seconds before the witness/mirror state is shown as disconnected.  Until then the entry is blank.  The monitor also shows High Saftey with automatic failover, which isn;t true - since the mirror and witness are not connected, no failover occurs when the principal is taken offline.
  Since I'm running terminal services on the XP machine to interact with the witness and principal server, I find it hard to image that there are network issues. 
  If the witness can connect with the principal and the principal can conect with the mirror, under what circumstances will the witness NOT connect with the mirror?  When I check the witness server for entries in the database_mirroring_witness view the following is shown:
  RTJobs TCP://primary-sql:5022 TCP://192.168.100.14:5022 2 FULL 1 1 2263BD97-1004-4D73-9966-7AFB89E5626E A6EE18DF-19C4-48EC-8C06-77074EF5A275 0 1
  Interestingly the IP address of the prinical server is replaced by the Sql Server instance name (primary-sql) but this doesn't happen for the witness.  

• Port mirroring with ALOT of Drops Tx on a 5406zl

  Hi everybody.
  My first post here and I'm convinced that the questions I have will be easily answered by several of the true experts that reside here in the forum.
  Question #1.
  I've set up port mirroring this way on my HP procurve J8697A Switch 5406zl (Software revision K.15.12.0015)
  sw-dh-1(config)# show monitor 1
  Network Monitoring
     Session: 4    Session Name:
        Mirror Destination:  B13   (Port)
        Monitoring Sources  Direction Truncation Mirror Policy
        Port: F1            Both       No         -
        Port: F2            Both       No         -
        Port: F3            Both       No         -
        sw-dh-1# show monitor 2
  Network Monitoring
     Session: 3    Session Name:
        Mirror Destination:  A6    (Port)
        Monitoring Sources  Direction Truncation Mirror Policy
        Port: A7            Both       No         -
        Port: B6            Both       No         -
        Port: B10           Both       No         -
        Port: Trk5          Both       No         -
        Port: Trk9          Both       No         -
        Port: Trk11         Both       No         -
  See output of "show interface" below. I'm worried about "Drop Tx". What does that mean exactly? Are mirrored packets dropped or does this mean that the ordinary traffic on the monitoring ports are also affected? If yes, how? Data loss, resending packets, loss of speed, high CPU load on the switch?
  sw-dh-1# show interfaces B13
   Status and Counters - Port Counters for port B13
    Name  : <removed>
    MAC Address      : xxxxxx-xxxxx
    Link Status      : Up
    Totals (Since boot or last clear) :
     Bytes Rx        : 576                Bytes Tx        : 4,252,895,128
     Unicast Rx      : 0                  Unicast Tx      : 3,440,299,294
     Bcast/Mcast Rx  : 9                  Bcast/Mcast Tx  : 412,639,331
    Errors (Since boot or last clear) :
     FCS Rx          : 0                  Drops Tx        : 29,441,235
     Alignment Rx    : 0                  Collisions Tx   : 0
     Runts Rx        : 0                  Late Colln Tx   : 0
     Giants Rx       : 0                  Excessive Colln : 0
     Total Rx Errors : 0                  Deferred Tx     : 0
    Others (Since boot or last clear) :
     Discard Rx      : 0                  Out Queue Len   : 0
     Unknown Protos  : 0
    Rates (5 minute weighted average) :
     Total Rx  (bps) : 0                  Total Tx  (bps) : 5,002,088
     Unicast Rx (Pkts/sec) : 0            Unicast Tx (Pkts/sec) : 0
     B/Mcast Rx (Pkts/sec) : 0            B/Mcast Tx (Pkts/sec) : 6
     Utilization Rx  :     0 %            Utilization Tx  : 0.50 %
  sw-dh-1# show interfaces A6
   Status and Counters - Port Counters for port A6
    Name  : <removed>
    MAC Address      : xxxxx-xxxxx
    Link Status      : Up
    Totals (Since boot or last clear) :
     Bytes Rx        : 960                Bytes Tx        : 1,442,037,177
     Unicast Rx      : 0                  Unicast Tx      : 1,988,961,810
     Bcast/Mcast Rx  : 15                 Bcast/Mcast Tx  : 339,915,002
    Errors (Since boot or last clear) :
     FCS Rx          : 0                  Drops Tx        : 1,647,165,303
     Alignment Rx    : 0                  Collisions Tx   : 0
     Runts Rx        : 0                  Late Colln Tx   : 0
     Giants Rx       : 0                  Excessive Colln : 0
     Total Rx Errors : 0                  Deferred Tx     : 0
    Others (Since boot or last clear) :
     Discard Rx      : 0                  Out Queue Len   : 0
     Unknown Protos  : 0
    Rates (5 minute weighted average) :
     Total Rx  (bps) : 0                  Total Tx  (bps) : 5,000,000
     Unicast Rx (Pkts/sec) : 0            Unicast Tx (Pkts/sec) : 0
     B/Mcast Rx (Pkts/sec) : 0            B/Mcast Tx (Pkts/sec) : 0
     Utilization Rx  :     0 %            Utilization Tx  : 0.50 %
  Utilzation and total last 5 minutes is off since I turned the mirroring off when I saw the drops. Utilization when port mirroring was on was 20-35%.   
  Question #2:
  Is it better if I mirror out all traffic to the 10GB port instead? Assuming that it is possible to do port mirroring to the 10GB port?
  best regards,
  Dean Y

  You don;t indicate which router you have, but that doesn;t really matter.Neither the Actiontec MI424-WR or the Quantum G1100 have port mirroring.  You need qan old fashioned hub, or a managed switch that supports it. 

• ASR1001 Port Mirroring

  Hi
  anyone can help me how to do the port mirroring on ASR1001 router?

  Hi Zeeshanraza,
  From this Cisco documentation: Configuring ERSPAN
  "The monitor session span-session-number type local command is not supported on Cisco ASR 1000 Series Routers."
  Alternatively you can try using ERSPAN as Local SPAN
  Example: Configuring an ERSPAN as a Local SPAN
  The following example shows how to configure an ERSPAN as a local SPAN.
  monitor session 10 type erspan-source
  source interface GigabitEthernet0/0/0
  destination
  erspan-id 10
  ip address 10.10.10.1
  origin ip address 10.10.10.1
  monitor session 20 type erspan-destination
  destination interface GigabitEthernet0/0/1
  source
  erspan-id 10
  ip address 10.10.0.1
  Regards,
  Hendro

• Trouble With Port Mirroring (SG200-08)

  Trouble with port mirroring.
  Even though both Tx and Rx is specified, only getting half the conversation.  Ping reply only for instance.  And when pinging from other locations no traffic at all.
  Please help
  SG200-008
  FW Version: 1.0.2.0
  Boot Version D.3.1
  Thanks

  I also have problem with the mirroring of port on my SG200-08.  The firmware is 1.0.6.2.
  I mirror the port g1, to which my router to the Internet is connected, to the port g2 to be able to see the traffic with a Centos system running Bandwidthd connected to the port g2.  The problem is that I only see the traffic coming in (downloads from the Internet) and not the traffic comming out (uploads to the Internet).
  When looking at the SG 200-08 on the web interface at "Status and Statistics/Interface" and looking at the port g2, I see values for the "Transmit Statistics", but all the values are at 0 for the "Received Statisticsc" (see the attached file)
  I confirmed that in "Administration/Diagnostic/Port Mirroring" is set up both Tx and Rx (it does not work either if I have Tx or Rx alone: I do not see the uploda traffic to the Internet). See the attached file.
  This is very annoying as I purchased this SG 200-08 especially for this and it does not do the job porperly.
  Does anybody knows a solution to this?

• Porting logic sessions between studios

  Hi,
  I work with Logic Pro 7 at my home studio along with the studio at my workplace. I'm trying to figure out how to take session files back and forth between the two without having issues of missing audio instrument files, etc.
  btw, both studios have the same software plug-ins (Kontakt 3, Vokator, Spectrasonics Atmosphere, etc.).
  One issue I have is that when I "consolidate" a Logic project into one folder, it doesn't save 3rd party plugin settings in the folder (it only saves Logic-related plugs like EXS24).
  Does anyone work in this type of situation?
  Do you have any suggestions to make porting Logic sessions between two locations easier?
  -Michael

  I believe the "Save as project" function is the best thing for that situation. Like you said, it won't automatically save 3rd party plugin settings, but you can always save a 3rd party plugin (in the plugin window), and then copy the file from (from user/library/app support/logic/plugin settings) into your project folder. It would be nice if "Save as Project" included that, but it's still pretty useful for consolidating elements of your project.

• VSphere Port Mirror - Possible Bug Found

  Hi,
  Something i came across to and thought could be worth while reporting it since i havent seen any reference to it elsewhere:
  We've configured a few "source remote port mirror rules" for a few VMs, in a way that each VM had 3 vNics that were mirrored.
  long story shot: one VM had one vNic that was E1000 and not VMXNET3 like all the others, each time i enabled the "source remote port mirror" rule for the E1000 vNic, all other port mirrors (from this VM and other VMs located on the same ESX) stopped working. problem was solved after i removed the vNic and created a new one, this time a VMXNET3 vNic.
  didnt see any reference about E1000/VMXNET3 regarding vSphere Port Mirroring. New bug maybe?

  Hi,
  Something i came across to and thought could be worth while reporting it since i havent seen any reference to it elsewhere:
  We've configured a few "source remote port mirror rules" for a few VMs, in a way that each VM had 3 vNics that were mirrored.
  long story shot: one VM had one vNic that was E1000 and not VMXNET3 like all the others, each time i enabled the "source remote port mirror" rule for the E1000 vNic, all other port mirrors (from this VM and other VMs located on the same ESX) stopped working. problem was solved after i removed the vNic and created a new one, this time a VMXNET3 vNic.
  didnt see any reference about E1000/VMXNET3 regarding vSphere Port Mirroring. New bug maybe?

• HT4522 Sounds fine but how do I add partitions in air port utility

  Sounds fine but how do I add partitions in air port utility

  It is possible to partition the drive, but you have to physically pull the hard drive from the Time Capsule and place it in a separate enclosure for the formatting operation, then reinstall the drive again back in the Time Capsule.
  Unfortunately, in addition to a lot of work, this will void the warranty on the Time Capsule.
  It is possible to create one or more disk images on the Time Capsule using Disk Utility.
  While a disk image is not technically a "partition" in the normal sense, it will allow you to specify and reserve a given amount of space on the drive for the image or images that you create.

• SG300-28 Port Mirroring

  Hello,
  I am wondering if anyone else has issues with port mirrors? I have created a mirror to copy all packets from Interface gi1 to interface gi28. I don't see any port 80 traffic, or 443 or any revelant traffic. I see mostly broadcast from other devices. I have a security device that is logging all the copied packets from my firewall for malware/IPS, etc inspection.
  Right now I have it monitoring vlan 1 in the hope that it would resolve this issue but I see no change. The config is attached for viewing.
  Any thoughs?

  Hi Alan, try to monitor a specific port instead of the whole VLAN.
  -Tom
  Please mark answered for helpful posts