Arista 7050 - Mirror MLAG-Port

Discussion in 'Networking' started by Stril, Jan 16, 2020.

  1. Stril

    Stril Member

    Joined:
    Sep 26, 2017
    Messages:
    180
    Likes Received:
    9
    Hi!

    I am using Arista 7050s in MLAG-config. On my firewall, there is one LACP-bond configured with one link to each of the two Aristas.

    Now, I need to setup a monitor-port/port-mirror with an IDS-system attached to it.
    Is there any possibility to mirror a MLAG?

    I did not find anything about this.

    Thank you for your help!
    Stril
     
    #1
  2. bobbyd

    bobbyd New Member

    Joined:
    Feb 12, 2020
    Messages:
    2
    Likes Received:
    0
    I looked around in documentation but I don't think there is a secret answer to this. You would need to mirror the PortChannel on each switch. One option might be to mirror the Port-Channel on one switch to a random port on the other switch and then mirror both of those ports to the IDS. You can have multiple source ports but only 1 destination port.
     
    #2
  3. Stril

    Stril Member

    Joined:
    Sep 26, 2017
    Messages:
    180
    Likes Received:
    9
    Hi!

    Thank you for your answer. Your idea sounds good, but how can I avoid a loop or spanning-tree-problems?
    Given the setup:

    I mirror the LAG (production LAG) to port 1 of each switch.
    - Now, I connect port 1 of switch 2 to port 2 of switch 1
    - ...and mirror port 2 to port 1

    --> How do I need to setup port 2 of switch one, that incoming packets are note forwarded to ANY other port?

    Thank you for your help!
     
    #3
  4. oddball

    oddball Active Member

    Joined:
    May 18, 2018
    Messages:
    159
    Likes Received:
    51
    You can't mirror (span) a port in an mlag. Bobbyd is correct.

    Create span ports on the port-channel, it moves them into a special mode. Then setup another switch 7124 or 7050s both handle this nicely as a tap aggregator and plug from spans into this.

    When in span/tap mode spanning-tree is turned off on those ports. You won't have any issues, it's a supported configuration.
     
    #4
Similar Threads: Arista 7050
Forum Title Date
Networking Arista DCS-7050T-64 48xRJ45(10GBASE-T) & 4xQSFP+ for $400 May 20, 2019
Networking Arista 7050QX - Cut-through - Store and Forward - iSCSI Feb 8, 2019
Networking Arista 7050QX - hard reboot and packet-storm Sep 20, 2018
Networking Arista DCS-7050QX-32S, 4-SFP+ ports - can't configure Sep 15, 2018
Networking Arista 7050 - Which Firmware are you using Sep 3, 2018

Share This Page