Can I snoop on bridge port traffic on a 3011?

I have traffic being switched between two routers on ports 6,7. Pure switching, the traffic never hits the 3011 CPU. I set this up by creating a regular ROS bridge then adding ports 6,7 to it and enabling “hardware offload” on both ports. I think this is the new way to configure switching in ROS 6.7.

So far so good. Now I’d like to packet sniff the traffic being switched on those ports (sniffing using the local ROS packet sniffer tool).

I’m scratching my head how to do this. I think it’d be done by mirroring traffic to the CPU port for switch2 and somehow putting that port into promiscuous mode.
Can’t see how to do that in Winbox.

I’m hoping someone else has already figured out how to do this.

Thanks!

After some more searching, I found a few posts from others reporting the same problem, with no solution, but they gave me a few ideas to try. Here’s how you do this:

  • Switch port mirroring is configured switch-wide. You get to say “mirror packets on port X to port Y” once per switch. So to sniff traffic on port 6 set mirror-source to ether6 and then (crucially) set mirror-target to “cpu” (see below).
  • Now the tricky part: where exactly did the mirrored traffic go? There isn’t an interface in the sniffer list labeled “switch 2 cpu port”. The secret sauce is to know that ROS has invented the etherxx ports: they don’t really exist. What actually exists is “the cpu port on switch 2”. When we select ether6 for example, ROS programs the hardware to direct port 6 traffic to the CPU port and presumably a kernel device it creates. So, magically, the traffic we want to sniff is actually now on ether6 as far as ROS is concerned, and can be sniffed there.

Like this:

/interface ethernet switch
set 1 mirror-source=ether6 mirror-target=cpu
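
The procedure from the post above, carried through to a saved capture and then undone, as an added example that is not part of the original post. The capture file name and the 30-second duration are assumptions; `set 1` and ether6 follow the post.

```routeros
# Added example (not from the original post).
# Assumptions: capture file name "mirror-ether6.pcap", 30 s capture window.

# 1. Mirror the switched traffic on ether6 to the switch's CPU port.
/interface ethernet switch
set 1 mirror-source=ether6 mirror-target=cpu

# Confirm the mirror settings took effect on the intended switch.
print

# 2. Point the ROS sniffer at ether6, where the mirrored frames show up,
#    and write them to a pcap file on the router.
/tool sniffer
set filter-interface=ether6 file-name=mirror-ether6.pcap
start
:delay 30s
stop

# 3. Turn mirroring off again so copies of the switched frames
#    stop being sent to the CPU once the capture is done.
/interface ethernet switch
set 1 mirror-source=none mirror-target=none
```

The saved file appears under Files in Winbox and opens in Wireshark.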