Unsolved
This post is more than 5 years old
2 Posts
0
34158
December 9th, 2003 18:00
Powerconnect 3348 Port Mirroring issue
Hello all,
I hope someone out there might be able to help me.
I have a Powerconnect 3348 switch, and I have set it up for port monitoring. I had to install a secondary NIC in my XP based machine due to the fact
that it jams access to the network. My game plan is to sniff packets, presumably between the router (cisco 1720) and the switch. When I attempt to
sniff out packets,all I am recieving is broadcast packets to and from my machine, and to top it off they are from the other adapter's IP address, not the one connected to the destination port. (I hope that made sense).
What am I doing wrong?
-------------------------------------------------------------------
My Network:
TSU------Firewall------CISCO1720--------PC3348--------XP_Clients
DELL-Randy
132 Posts
0
December 10th, 2003 14:00
What vendor and model of NIC are you using? How recent is the driver? Do you have any utilities installed for your NICs such as Intel's PROSet software or Broadcom's Advanced Control Suite?
When the port mirroring option is enabled on the PowerConnect 3348, the 'destination' port's traffic is tagged (IEEE 802.1Q VLAN tag) with the 'source' ports VLAN ID. For instance, assume the following: You configure your PowerConnect 33xx so that port 1 is in general mode with a VLAN ID of 7 and a PVID of 7. Then, you configure port mirroring in such that the 'source' port is port 1 and the 'destination' port is port 24. As traffic is replicated from port 1 to port 24 for capturing or monitoring, it will be tagged with an IEEE 802.1Q VLAN tag for VLAN 7. This is a hardware chipset limitation, and there are no plans to change this as of yet. Currently only the PowerConnect 33xx series switches experience this limitation.
From my testing, we have seen that Intel network adapters are more susceptible to this limitation than other vendors. 3Com and Broadcom NICs seem to be able to interpret the traffic received without the adapter needing additional configuration. Intel NICs, however, will require additional configuration in order to properly interpret the traffic.
In the event that you are using an Intel network adapter experiencing this issue, please ensure you have the latest driver as well as the PROSet software installed.
Now, the NIC should be able to interpret the traffic that is being transferred out of the 'destination' port. Another issue potentially prohibiting you from seeing the expected captures is if you are crossing internal ASICs. The switch's architecture has ports 1-24 and gigabit port 1 on 1 ASIC, while ports 25-48 and gigabit port 2 are on the other. Because of this architecture, you are unable to mirror between ASICs, e.g. port 1 to port 48. We apologize for any inconvenience this may cause.
Message Edited by DELL-Randy on 12-10-2003 12:37 PM
Sneeze Guard
2 Posts
0
December 11th, 2003 10:00
Wow thanks for providing some insight to this Randy, I have RTL8139s in my machine. I used the integrated dual Broadcom 5704s in
my server, and it causes less problems. It seems to read all the ip addresses fine, yet they are still all broadcast adresses, and it jams my internet
access.
It almost seems like one NIC interferes with the next...
I will be researching 802.1q. Thank you so much for the info, and if you think of anything else, please let me know.
Thanks again,
Bri...
NWNT
1 Message
0
December 23rd, 2003 05:00
Bri hi,
I may not have understood your problem correctly - but is it possible that the required change is reconfiguration of your sniffer application?
I do not know which sniffer you are using - but you may have to change the settings to read packets only from the secondary NIC card and not from the main one. This way you will be able to capture packets that you want - and not from the "wrong" NIC card?
Once you do this change I think you should be able to view the desired packets.
RobBonfiglio
2 Posts
0
January 13th, 2004 15:00
I am using an Opti GX270, that has an Intel NIC in it. I updated the drivers like you said, and I also tried to update the PROSet, but when I right click on the NIC from w/in the PROSet utility the only option that I get is "Remove Adapter". There is no place that is mentioned about VLAN ID's. Am I not using the correct PROSet version? I downloaded it straight from the Intel website along with the latest drivers. Anyone have any ideas?
Our situation is this, we need to setup port mirroring for a piece of EIM software that we are testing. The GX270 that we are using as a test machine only has 1 NIC in it, and whenever I try to mirror traffic to its port on the 3348, the GX 270 drops off the network. I cannot ping it, nor can I ping from it. I was hoping that this solution would solve my problem.
eddymicro
1 Message
0
April 29th, 2004 10:00
Hello,
I just found this message thread after a LONG time of trying to port mirror on my new 3348. I do not yet have the mirroring working but plan to test a 3COM NIC next to solve the problem. I have a generic NIC as my Second NIC in my protocol analyser (destination port) and even though it support VLANS, it still doesn't work. My main question is what is the best NIC to use since I want to monitor 2 source ports, both on differenet VLANs. Therefore I cannot specify the destination VLAN ID on the NIC of my protocol analyzer.
By the way the Ethereal Analyzer works without any changes to the VLAN ID but most of the other analyzers do not.
33wert33
4 Posts
0
December 7th, 2004 14:00
Also having trouble picking up traffic with port mirroring. I am just trying to mirror one port to another, both in the default vlan of 1. Using Ethereal Analyzer but all I can pick up is broadcast traffic. I have a 3com 3c905B-TX adapter on the destination machine. Mapping 2/e12 (source port) to 2/e3 (destination port). Anyone have any thoughts? If anyone has it working what is the exact model of the adapter are you using ?
thx