AnsweredAssumed Answered

MTP Logical Port Filters

Question asked by pcdocstl06 on Sep 23, 2015
Latest reply on Sep 24, 2015 by pcdocstl06

So has anyone been able to successfully setup Logical Port filtering on the MTP? When I say successful, I mean more than one filter or more than one component in one filter?

 

Here is my scenario;

 

I have Gigamon taps feeding the MTP that come from span traffic, this includes all traffic that we see on the network. Ideally I would like to filter on only a certain subnet on one physical port to capture data from one data center while excluding IP addresses from servers or VIP's that we are not interested in monitoring. This particular physical port is being forwarded to the TIM for packet processing to be used in CEM. Below are the scenarios that I have tried with no luck;

 

  • Scenario #1 - 1 Filter with an inclusion subnet(xx.xx.xx.xx/14) and IP address exclusions (9 IP Addresses)
  • Scenario #2 - 2 Filters, #1 being the subnet(xx.xx.xx.xx/14) inclusion filter with a priority of 5, #2 filter with IP address (9 IP Addresses) exclusions priority of 5
  • Scenario #3 - 2 Filters, #1 being the subnet(xx.xx.xx.xx/14) inclusion filter with a priority of 5, #2 filter with IP address (9 IP Addresses) exclusions priority of 6

 

After discovering you cannot have more than 8 IP addresses in a filter we tried the following

 

  • Scenario #3 - 2 Filters, #1 with an inclusion subnet(xx.xx.xx.xx/14) and IP address exclusions (8 IP Addresses)
  • Scenario #4 - 3 Filters, #1 being the subnet(xx.xx.xx.xx/14) inclusion filter with a priority of 5, #2 filter with IP address (5 IP Addresses) exclusions priority of 6, #3 filter with IP address (4 IP Addresses) exclusions priority of 7

 

None of the above worked, while each of the below listed (individually) worked fine;

 

  • 1 Filter with an inclusion subnet(xx.xx.xx.xx/14) priority 5
  • 1 Filter with IP address exclusions (8 IP Addresses)


I really hope I don't get an answer that asks why we don't just filter at the Gigamon level, the better question would be why doesn't this work. Any input or feedback is appreciated.


Outcomes