The packetsniffer is a very good tool for monitoring problems in larger networks, but its drawback is that it can only capture packets that go to the software, i.e. no traffic that is passing the switch chip only.
Is there any way to capture a specific port via packet sniffer ?
On my CRS125 my initial Idea was to mirror the port to switch1-cpu but I cant see any other traffic than the master port (ether1, which also has the switch IP address) in the stream, i.e. the same as without the mirroring in place..
Packet sniffer can capture and analyze packets that are going to, leaving or going through the router.
When you are using switch, you have to pass these packets from switch chip to ‘cpu’ port. All traffic will be passed trought master port.
This will allow you to capture and analyze these packets from all switch group.
E.g.
Create switch group:
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether1 ] master-port=ether2
Pass all traffic from switch to cpu:
/interface ethernet switch acl set 0 action=copy-to-cpu
Monitor all traffic from ether1 - ether3 by command:
/tool sniffer quick interface=ether2
You can also set your own sniff parameters (IP, Mac and so on) to scale down the output.
Thanks for your suggestion but as far as I know the CRS125 does not support ACL. Tried the command and I get:
> /interface ethernet switch acl set 0 action=copy-to-cpu
no such item
Cheking in WinBOX shows Switch->ACL being empty. Trying to add an ACL just setting action to “copy-to-cpu”, I get the message: “Couldn’t add New Switch ACL Rule - policy rules are not supported on this switch chip(6)”