It is unbelievable how many restrictions there are in Juniper compared to Cisco:
- Ex4300 RSPAN Vlan destination is supported, but traffic is sent out only on _one_ interface. Which one is not deterministic. RSPAN vlan ist NOT flooded to all ports.
- Ex4200: RSPAN Vlan destination is supported, but not on aggregated ethernet.
- Ex4300/Ex4200: Even in a Vlan configured with no-mac-learning (all show commands show "mac * -> Flood", no MAC addressed, a.s.o): if a second port will receive frame with same MAC address, only one of the two frames is forwarded! *)
- Ex4300 (the Ex4200 can have only one active analyzer!): Two analyzers cannot have the same destination Vlan. Why not? Not the same port might make sense, but Vlan?
- Ex4300: destionation option "no-tag" is only possible on destination vlan? What's that for? It would be reasonable, if it strips the inner Vlan - but it stripps the outer (the RSPAN) tag! IMHO this is just a bug. Having no-tag would be a great option on destionation interface!
- Still (up to current releases) there is that typo: "Removes extra RSAPN tag from mirrored packets". Or do I just not understand what an RSAPN tag is?
*) Scenario: host X is sending to upstream A and B. Port mirror on link to A and B because we want to prove that it is sent out! If A and B is on two different switches, you will see only one stream on the destination switch for the RSPAN vlan.
I'm working hard for 4 weeks now to find a suitable concept permanentely mirror my plattform and feed that into our traffic analyzer as we did with the Ciscos before. I'm considering reinstall the Ciscos for the mirror traffic distribution. Can that be?
br
Walter