We utilize NTOP to measure our WAN flows, which is presently done via a span from our WAN interface sent to another that our NTOP server listens on. Long story short, we wanted to move NTOP into a VM cluster (it is presently on a standalone host) which would require us to span the monitor traffic to a VLAN rather than a specific physical interface and configure NTOP to listen on that VLAN. I accomplished this by creating a VLAN for the purpose of receiving the traffic and configured an RSPAN with a destination of that new VLAN on the switch.
All seemed well as it was working great, until I realized that the switch was sending all mirrored traffic down every trunk port - not just the trunk that the NTOP server was listening on. I confirmed that we have the correct VTP configuration (core switch is the "server" with all subsequent switches as client and all are in the same VTP domain with VTP pruning enabled), so there should be no other clients needing that VLAN traffic.
Am I misunderstanding what VTP pruning should be doing in this instance?
No comments:
Post a Comment