I have a cisco 3560 switch in a remote office where FE 0/1 is the WAN port and the port I need mirrored. We are using a really good bit of software called Observer Suite 12 that analyses all the WAN traffic, however our Observer consultant says the WAN port is not "seeing" much traffic at all and it's as if the mirror isn't setup correct. I have checked with another Cisco guys and he says it's fine. I'm after your thoughts, the Observer consultant said "to work properly we need both duplex streams aggregating to a single outbound stream to the Observer probe on port 2"
Here is part of the config of the Cisco 3560:
ip address 172.31.3.2 255.255.255.252
description ***MIRRORED WAN INTERFACE***
description ***OBSERVER PROBE PC***
description ***Data Layer 3 Interface***
ip address 172.30.3.1 255.255.255.0
monitor session 1 source interface Fa0/1
monitor session 1 destination interface Fa0/2
Thing is the gateway for all users in this remote office is VLAN 1 - 172.30.3.1, and the servers are at the othe side of the WAN at my HQ, we point everything to the this gateway from the HQ too.
The 172.31.3.2 on FE 0/1 goes to our ISP's BGP/MPLS.
Should we somehow be mirroring VLAN 1 instead?