Port Mirroring and flow analyzer for CRS326

Thu Jul 25, 2019 8:59 am

I need to install a packet flow analyzer for a CRS switch. The packet flow analyzer should receive mirrored flow from all ports/VLANs connected to the CRS.
I have 3 VLANs here (2,3,4):
2: ports 1-9
3: ports 11-14
4: ports 15-20

# feb/07/2019 11:15:26 by RouterOS 6.43.8
# model = CRS326-24G-2S+
/interface bridge
add ingress-filtering=yes name=bridge-vlan vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=ether11 ] speed=100Mbps
set [ find default-name=ether12 ] speed=100Mbps
set [ find default-name=ether13 ] speed=100Mbps
set [ find default-name=ether14 ] speed=100Mbps
set [ find default-name=ether15 ] speed=100Mbps
set [ find default-name=ether16 ] speed=100Mbps
set [ find default-name=ether17 ] speed=100Mbps
set [ find default-name=ether18 ] speed=100Mbps
set [ find default-name=ether19 ] speed=100Mbps
set [ find default-name=ether20 ] speed=100Mbps
set [ find default-name=ether21 ] speed=100Mbps
set [ find default-name=ether22 ] speed=100Mbps
set [ find default-name=ether23 ] speed=100Mbps
set [ find default-name=ether24 ] speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] speed=10Gbps
/interface vlan
add interface=bridge-vlan name=vlan-dmz vlan-id=2
add interface=bridge-vlan name=vlan-mng vlan-id=3
/interface bridge port
add bridge=bridge-vlan ingress-filtering=yes interface=ether1 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether2 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether3 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether4 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether5 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether6 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether7 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether8 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether9 pvid=2
add bridge=bridge-vlan ingress-filtering=yes interface=ether11 pvid=3
add bridge=bridge-vlan ingress-filtering=yes interface=ether12 pvid=3
add bridge=bridge-vlan ingress-filtering=yes interface=ether13 pvid=3
add bridge=bridge-vlan ingress-filtering=yes interface=ether14 pvid=3
add bridge=bridge-vlan ingress-filtering=yes interface=ether15 pvid=4
add bridge=bridge-vlan ingress-filtering=yes interface=ether16 pvid=4
add bridge=bridge-vlan ingress-filtering=yes interface=ether17 pvid=4
add bridge=bridge-vlan ingress-filtering=yes interface=ether18 pvid=4
add bridge=bridge-vlan ingress-filtering=yes interface=ether19 pvid=4
add bridge=bridge-vlan ingress-filtering=yes interface=ether20 pvid=4
add bridge=bridge-vlan ingress-filtering=yes interface=ether24
add bridge=bridge-vlan ingress-filtering=yes interface=sfp-sfpplus1 \
    internal-path-cost=1 path-cost=1
add bridge=bridge-vlan ingress-filtering=yes interface=sfp-sfpplus2 \
    internal-path-cost=1 path-cost=1
/interface bridge vlan
add bridge=bridge-vlan tagged=sfp-sfpplus1,sfp-sfpplus2,ether24 untagged="ethe\
    r1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9" vlan-ids=2
add bridge=bridge-vlan tagged=bridge-vlan,sfp-sfpplus1,sfp-sfpplus2,ether24 \
    untagged=ether11,ether12,ether13,ether14 vlan-ids=3
add bridge=bridge-vlan tagged=sfp-sfpplus1,sfp-sfpplus2,ether24 untagged=\
    ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=4
/ip address
add address= interface=vlan-mng network=

So my questions are:
a) Is it possible to mirror flow from all VLANs to ONE selected port (let's say ether10) in such a way that it will work like a VLAN trunk port with packets mirrored from all ports connected to a specific VLAN (all packets should of course be VLAN tagged)?
Packet Analyzer <-> ether10 <-> all mirrored flow. If yes, how to achieve this in the config above?
b) If a) is not possible or has a great impact on performance (CPU usage), is it possible to mirror all ports belonging to one VLAN to one specific port belonging to this VLAN? I mean, for example:
all ports from VLAN 2 -> mirror to ether10
all ports from VLAN 3 -> mirror to ether14
all ports from VLAN 4 -> mirror to ether20

Another question is whether the mirrored port (target) should also belong to a specific VLAN, I mean like ether14 and ether20 in the configuration above?

How best to achieve a) and/or b) in the configuration above?
