Got a PA-850, wanted to install a TAP port into the DELL N2048P, but it doesn't have the capability to do a SPAN port.
Any suggestions on how to deal with that?
I do have the PA as DGW for all the networks, more worried about looking at PC to PC - same vlan
I am not a Dell Switch specialist by any means, but according to this documentation, Port Mirroring is supported on your switch model. http://nbc.intersmart.com.br/PDF/Dell_Switch_N2000_N3000_N4000_Manual.pdf
Because you are interested in the PC-to-PC traffic on a specific VLAN, a VWire will not do the trick. If you were interested in the traffic traversing the perimeter firewall to and from the Internet, then a VWire would definitely work as well. But you have L3 since the PA-850 is your Default-Gateway, so it is not the best option.
Just to clarify,
Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. ... Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN) or Remote Switched Port Analyzer (RSPAN).
From a Palo Alto perspective it does not make any difference as long as a copy of the traffic is being forwarded to the port where the PA is connected and listening.
From my understanding and from trying to configure it.
It's basically mirroring 1 port to another ... So I could target one pc and that's it :)
In this case you are sourcing traffic from a VLAN and not a specific port. In other words, you will be mirroring, i.e., all traffic from VLAN100 and directing that to the port where the Palo Alto TAP port is connected.
Here is an example:
Commands to configure the Port Mirroring:
interface te 0/2
no ip address
monitor session 0
source te 0/1 destination te 0/2 direction both
One thing I am not sure on the Dell switches is if you are able to source the traffic from a VLAN instead of a physical interface. If sourcing from a VLAN is not possible, I read that you can specify multiple source ports, so in this case you would have to place multiple statements in the monitor session 0 command.
Again, I am not a Dell switch specialist, so, I am just trying to understand the logic, but it does not seem to be any different than a Cisco switch.
I hope this helps.