Posted on September 16, 2020 12:30 am
 |  Asked by Ryan Worthington
 |  37 views
RESOLVED
0
0
Print Friendly, PDF & Email

Hello,

We’ve just recently moved from the Cisco Nexus platform to the Arista 7050 series in our data center and have a requirement to mirror traffic from specific VLANs for our security tools.

From what I’ve read it seems that only Ethernet interfaces can be mirrored but during our original discussion with Arista one of the sales engineers mentioned that there was a method to get functionally similar to a Cisco SPAN with a VLAN interface as the source by going through the CPU.

In the documentation and forum I’ve seen a few references to this but nothing definitive. Does anyone know if this is possible? If not, are there other ways to duplicate the SPAN function with a VLAN interface as the source?

0
Posted by Roberto Salazar
Answered on September 16, 2020 12:45 am

Hello,

This forum article talks about just what you are describing. Here is an excerpt from that article:

Traffic can be mirrored to ports using the monitor syntax, however the source of the mirrored traffic is limited to Ethernet and Port-channel interfaces. If there is a requirement to source a mirror from a specific VLAN across multiple ports, a different method is available as of EOS 4.20.5F or later on R series platforms utilizing DirectFlow.

It requires DirectFlow feature to accomplish mirroring the vlan traffic. Here is the link to the article for details:
https://eos.arista.com/vlan-traffic-mirroring/

Note that DirectFlow is only supported on specific hardwares, this article discusses DirectFlow and lists the supported hardwares:
https://eos.arista.com/eos-4-20-5f/directflow/

Post your Answer

You must be logged in to post an answer.