[nsp] multiple port monitoring - switch sought

Gert Doering gert at greenie.muc.de
Tue Dec 9 16:52:48 EST 2003 

Hi,

I'm looking for a GigE switch (or some other affordable equipment) that can
solve a somewhat peculiar requirement.

I have a GigE port, delivered over ZX fibre.  Everything coming in over
that port needs to be mirrored to other ports on the "device" (that's
easy), and I need it to be mirrored to up to *4* other GE ports (SX or TX).


 traffic ---- ZX ---- magic box - mirror 1
				- mirror 2
				- mirror 3
				- mirror 4

the traffic that needs to be mirrored is not actually passing the 
"switch" (or "magic box") - the other end of the ZX fibre is connected
to a SPAN port of a 6509, some 30 kilometers away.

So what we really need is some sort of "multiplying device" that will
just take all packets coming in from the left, and send it out to 
(up to) 4 ports on the right.  Nothing will ever be received from the 
ports on the right, and nothing will ever be sent to the left.

[Disclaimer: all of this is perfectly legal and with consent of the owner
of the infrastructure, of course!  It's university work relating to
understanding of traffic patterns and so on]

Are there (affordable) cisco switches that can do a SPAN from a single
source to four different destinations ports?  With full GE line rate
*and* capable of taking a ZX-GBIC?  In theory, the 4912G or 3550-12T
should be able to do it, but I have none of them to test whether
"single source port, 4 destination ports" SPAN is going to work.


Something we have been thinking of is to just make the switch flood
all packets to all ports (that would suit the application), but that
isn't going to work - the destination MAC of all packets will appear
sooner or later on the left side (input), so the switch knows that it
does not have to forward the packet.   Switching off MAC learning on
the ingress port might work, but I don't think it can be done with CatOS
or IOS switches.  Can it?  (Heck, all we want is a "Gbit *hub*", but I 
know that those do not exist).


Any other ideas?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the cisco-nsp mailing list