One-way traffic with port mirror HP-2610 to Hyper-V

networking hp hyper-v network-monitoring hyper-v-server-2012-r2

The port mirroring was correct as per the above config (HP states on its 25xx and 26xx models that its monitoring retains VLAN tags regardless of whether the port being monitored is set to untagged - note, this is for port monitoring, not sure if this is different for vlan type on newer models as wasn't able to test on this firmware).

My initial step was with default monitoring setup to capture traffic on the VM:

// On Hyper-V host, create a new virtual switch called Monitor, this
// physically connects to the dedicated monitoring NIC (create a separate switch for general traffic also).
// Also Enable extension Microsoft NDIS Capture for this NIC.
$portFeature=Get-VMSystemSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings"
$portFeature.SettingData.MonitorMode = 2
Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName Monitor -VMSwitchExtensionFeature $portFeature
// final step i did through GUI => Under the monitor virtual network adapter
// of the guest VM, go to Advanced Features, and set the port mirror mode to Destination.

I could see i was getting all untagged frames that were coming out of the PBX (it has no notion of a tagged frame).

I then tried setting a trunk to the switch to received tagged 42 AND native vlan 42 Set-VMNetworkAdapterVlan -VMName MonitorVM -VMNetworkAdapterName Monitor -Trunk -Allowed VlanIdList 813 -NativeVlanId 42, and at that point saw i was no longer receiving the PBX data (untagged frames).

After reading online I found Hyper-V defines untagged (vlan disabled) as VLAN ID 0.

Setting the trunk to the VM to accept both tagged 42 and untagged frames (renaming the interface so i could target that only):

$a = Get-VMNetworkAdapter -vmname MonitorVM
$a[1] -NewName Monitor // referenced the monitor NIC, you will need to search array to check
Set-VMNetworkAdapterVlan -VMName MonitorVM -VMNetworkAdapterName Monitor -Trunk -Allowed VlanIdList 813 -NativeVlanId 0

I was then able to see two way traffic!


I can't comment on the ProCurve setup, but since you have a dedicated NIC on the HV for monitoring do you need the extra mirroring configuration on the virtual switch too? The traffic could just be passed to the VM as normal at that point.

Have you been able to confirm if the ProCurve is properly mirroring the traffic and it's at least getting to the dedicated NIC?

Related

Do I need a VNet?
SSH to EC2 instance timedout
How can I change a SMART attribute value?
How is nginx treating API requests?
Nginx handling relative paths causes 404 errors
Allow application through firewall Linux [duplicate]
apache2.service: Failed to run 'start' task: No such file or directory
zfs cannot create snapshot, out of space
WIth Nginx do I have to add a content-security-policy to every location block?
Extending Enum in typescript
Jetty: To embed or not to embed?
Using RabbitMQ is there a way to look at the queue contents without a dequeue operation?