05-28-2024 08:56 AM
I am a new network admin and have never configured any type of port mirroring.
We have a campus network design with multiple buildings, each with its own VLAN. Each building has a Ruckus 7450 ICX switch and multiple IDFs with 7250 switches. One building holds our servers and internet connection, so most traffic from all buildings gets routed to this one building's datacenter (there's really not a ton of data going through each VLAN). I was able to get my hands on Ntopng Enterprise so I can monitor traffic. I'd like to be able to monitor all VLAN traffic from each building on a single 10GbE port on the datacenter's 7450 using only 1 ntopng server (no sensors).
To make things harder, there is already an IN/OUT port mirror and monitor port on the datacenter's 7450 that uses a security sensor to monitor our firewall traffic. From the documentation, it looks like I might only be able to have 1 port mirror per region. This is a 48-port 7450, so I think there are 2 regions, but I haven't looked into it enough to determine if I can set up a SPAN port.
Can someone give me a recommendation for how I should configure this? Should I use a SPAN port on the datacenter 7450 which would monitor mirror ports on each site's 7450? Would already having a mirror/monitor port on the datacenter 7450 prohibit me from doing this?
Any help or alternate recommendations are greatly appreciated!