06-28-2017 07:52 PM
Hi
Got a PA-850, wanted to install a TAP port into the DELL N2048P, but it doesn't have capability to do a SPAN port.
Any suggestions on how to deal with that?
I do have the PA as DGW for all the networks, more worried about looking at PC to PC - same vlan
06-28-2017 08:23 PM - edited 06-28-2017 08:24 PM
Hi @Alex_Samad
I am not a Dell Switch specialist by any means, but according to this documentation, Port Mirroring is supported on your switch model. http://nbc.intersmart.com.br/PDF/Dell_Switch_N2000_N3000_N4000_Manual.pdf
Because you are interested in the PC-to-PC traffic on a specific VLAN, a VWire will not do the trick. If you were interested in the traffic traversing the perimeter firewall to and from the Internet, then a VWire would definitely work as well. But you have L3 since the PA-850 is your Default-Gateway, so it is not the best option.
06-28-2017 08:28 PM
Yes, that's port mirroring ... 1 port to another ... not a SPAN port!
Rather disappointed with the Dell switches.
06-28-2017 08:34 PM
Just to clarify,
Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. ... Port mirroring on a Cisco Systems switch is generally referred to as Switched Port Analyzer (SPAN) or Remote Switched Port Analyzer (RSPAN).
From a Palo Alto perspective it does not make any difference as long as a copy of the traffic is being forwarded to the port where the PA is connected and listening.
06-28-2017 09:02 PM
From my understanding and from trying to configure it:
It's basically mirroring 1 port to another ... So I could target one PC and that's it 🙂
Alex
06-28-2017 09:14 PM - edited 06-28-2017 09:15 PM
In this case you are sourcing traffic from a VLAN and not a specific port. In other words, you will be mirroring, i.e., all traffic from VLAN100, and directing that to the port where the Palo Alto TAP port is connected.
Here is an example:
Commands to configure the Port Mirroring:
configure
interface te 0/2
no switchport
no ip address
no shutdown
exit
monitor session 0
source te 0/1 destination te 0/2 direction both
One thing I am not sure on the Dell switches is if you are able to source the traffic from a VLAN instead of a physical interface. If sourcing from a VLAN is not possible, I read that you can specify multiple source ports, so in this case you would have to place multiple statements in the monitor session 0 command.
Again, I am not a Dell switch specialist, so, I am just trying to understand the logic, but it does not seem to be any different than a Cisco switch.
I hope this helps.
06-28-2017 09:27 PM
Hi
Thanks, I have tried adding in all the active ports, let's see how that goes.
Can't remember why I didn't do this before.