rich
just joined
Topic Author
Posts: 13
Joined: Tue Mar 12, 2013 12:04 am

Portmirroring RB750GL

Sun Apr 07, 2013 5:49 pm

I am using an RB2011UAS-2HND-IN as a router / gateway. Connected to that one I have an RB750GL, which I would like to run port mirroring on.

ether2 goes from the RB2011 and ether3 goes to the LAN network, while ether5 is supposed to be where I receive copies of all packages sent to and from ether2.

I have turned off all routing functions on the RB750GL.

Is there something I have missed or something I've done wrong here?

I have ether5 connected to my VM-host eth1 and a VM is receiving the packages. This is supposed to be used as an IDS.

Specification as follows:
> interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME               MTU MAC-ADDRESS       ARP        MASTER-PORT             SWITCH            
 0 X  ether1            1500 D4:CA:6D:5D:9B:EB enabled    none                    switch1           
 1 R  ether2            1500 D4:CA:6D:5D:9B:EC enabled    none                    switch1           
 2 R  ether3            1500 D4:CA:6D:5D:9B:ED enabled    none                    switch1           
 3    ether4            1500 D4:CA:6D:5D:9B:EE enabled    none                    switch1           
 4 R  ether5            1500 D4:CA:6D:5D:9B:EF enabled    none                    switch1      
> interface ethernet switch port print 
Flags: I - invalid 
 #   NAME                                  SWITCH                           VLAN-MODE VLAN-HEADER   
 0   ether1                                switch1                          disabled  leave-as-is   
 1   ether2                                switch1                          disabled  leave-as-is   
 2   ether3                                switch1                          disabled  leave-as-is   
 3   ether4                                switch1                          disabled  leave-as-is   
 4   ether5                                switch1                          disabled  leave-as-is   
 5   switch1_cpu                           switch1                          disabled  leave-as-is 

Just shout if you need more information.

Thanks in advance.
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: Portmirroring RB750GL

Sun Apr 07, 2013 6:10 pm

I didn't see any mirroring settings shown. What is the question?
 
rich
just joined
Topic Author
Posts: 13
Joined: Tue Mar 12, 2013 12:04 am

Re: Portmirroring RB750GL

Sun Apr 07, 2013 6:32 pm

/interface ethernet switch> print
Flags: I - invalid 
 #   NAME                TYPE               MIRROR-SOURCE           MIRROR-TARGET                        SWITCH-ALL-PORTS
 0   switch1             Atheros-8327       ether2                  ether5                                                    
Will that suffice? :)
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: Portmirroring RB750GL

Sun Apr 07, 2013 7:44 pm

That looks OK. Presumably it isn't working as you expected. What are the symptoms?
 
rich
just joined
Topic Author
Posts: 13
Joined: Tue Mar 12, 2013 12:04 am

Re: Portmirroring RB750GL

Sun Apr 07, 2013 10:01 pm

I don't know if this is a MikroTik problem or a Proxmox problem.

I use the RB2011UAS as a router, DHCP, DNS, etc.
The RB750GL mainly just as a tap.

I have a VM-host with two network interfaces.
Interface (eth0) is connected to a Netgear router which is then connected to ether2 on the RB750GL.
The eth1 on the Proxmox is connected to ether5 on the RB750GL and only runs ONE VM, the IDS machine.

On the VM-host I have two bridged interfaces:
eth0 - vmbr0 (internal IP set static on the bridge interface)
eth1 - vmbr1 (NO ip address set at all).

All my VMs, except one, run through vmbr0 and they work fine.
The IDS, which runs from vmbr1, gets a dynamic IP from the RB2011UAS BUT I don't get any network connectivity towards the internet, nor can I ping the gateway or anything else.

I can see that the interfaces eth1 and vmbr1 receive significant traffic in ifconfig.

So basically the case is that I cannot read the mirrored traffic at the IDS machine, nor can I access the internet from that machine via vmbr1.
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: Portmirroring RB750GL

Sun Apr 07, 2013 10:17 pm

You said that the interface is bridged - so remember that a bridge will typically only pass on broadcast traffic, traffic for unknown MACs and traffic for MACs which are known to be on the other side of the bridge. Bridges/switches operating normally get in the way of monitoring such mirrored streams.
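
The forwarding behaviour described in the reply above, as an added example that is not part of the original thread: a toy learning bridge standing in for vmbr1, fed constructed mirrored frames on eth1. The port name tap-ids, the MAC addresses and the learning=False (flood everything) mode are assumptions for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningBridge:
    """Minimal forwarding decision of a MAC-learning software bridge."""
    ports: tuple
    learning: bool = True                    # False = flood every frame (hub-like)
    fdb: dict = field(default_factory=dict)  # MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of."""
        if self.learning:
            self.fdb[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if dst == BROADCAST or dst not in self.fdb:
            return others                    # broadcast / unknown MAC: flood
        out = self.fdb[dst]
        # Destination known on the ingress side: the bridge filters the frame.
        return [] if out == in_port else [out]


def frames_seen_by_ids(bridge, frames, mirror_port="eth1", ids_port="tap-ids"):
    """Feed mirrored frames into mirror_port; return those reaching ids_port."""
    return [f for f in frames if ids_port in bridge.receive(mirror_port, *f)]


# Constructed sample: one mirrored conversation, as (src MAC, dst MAC) pairs.
HOST, GW = "02:00:00:00:00:10", "02:00:00:00:00:01"
MIRRORED = [
    (HOST, BROADCAST),  # ARP request
    (GW, HOST),         # ARP reply
    (HOST, GW),         # request
    (GW, HOST),         # response
    (HOST, GW),
    (GW, HOST),
]


def demo():
    """Frames reaching the IDS port with learning on, then with flooding."""
    ports = ("eth1", "tap-ids")
    learned = frames_seen_by_ids(LearningBridge(ports), MIRRORED)
    flooded = frames_seen_by_ids(LearningBridge(ports, learning=False), MIRRORED)
    return len(learned), len(flooded)


if __name__ == "__main__":
    print("frames reaching IDS (learning, flooding):", demo())
```

With learning on, only the broadcast frame reaches the IDS port: both endpoints of the mirrored conversation are learned on eth1, so every unicast frame between them is filtered at the bridge.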
 
mrphreak
newbie
Posts: 38
Joined: Tue Jan 24, 2012 11:37 pm

Re: Portmirroring RB750GL

Mon Apr 08, 2013 10:38 am

Are ether2, 3 and 5 bridged on the RB750??
