Asus rt-ac68u monitoring port

alexrebell · March 24, 2020, 2:23pm

Good afternoon.
Tell me, please, is it possible to configure port mirroring in OpenWrt? There is an asus rt-ac68u router with openwrt installed, on the router, computer "A" is connected to port 1, computer "B" is connected to port 2, and on this computer "B" (connected to the second port), I need to intercept all traffic that passes through port 1 from computer "A". Even if this is not quite correct, you just need to configure the monitoring port on the router. please tell me how this can be implemented. Thanks.

trendy · March 24, 2020, 2:52pm

It is possible and there is such option in switch configuration.
https://openwrt.org/docs/guide-user/base-system/basic-networking#switch_configuration

alexrebell · March 24, 2020, 8:24pm

Thank you very much for your response.
Tell me , please, it turns out that I simply need to execute two commands:

mirror_source_port

specify port 1 where PC "A"...

mirror_monitor_port

and I specify port 2 where PC "B" in my case.
do I need to do anything else? for example,

enable_mirror_rx
enable_mirror_tx

Thank you.

mk24 · March 24, 2020, 10:36pm

Usually a mirror monitor port must be dedicated to monitoring, it isn't also attached to a VLAN for data. You may need two network cards in the PC.

alexrebell · March 25, 2020, 4:52am

I'm just using two network cards on my PC.

alexrebell · March 25, 2020, 9:08am

Information output:

root@OpenWrt:~# swconfig list
Found: switch0 - bcm53011
root@OpenWrt:~# swconfig dev switch0 show
Global attributes:
        enable_vlan: 1
        ports: 0x01bf
        reset_mib: ???
        enable_jumbo: 0
        allow_vid_4095: 0

I understand that this router does not support the mirroring function?

trendy · March 25, 2020, 9:21am

Check with swconfig dev switch0 help

alexrebell · March 25, 2020, 2:08pm


root@OpenWrt:~# swconfig dev switch0 help
switch0: bcm53011(BCM53011), ports: 9 (cpu @ 5), vlans: 4096
     --switch
        Attribute 1 (int): enable_vlan (Enable VLAN mode)
        Attribute 2 (string): ports (Available Ports (as bitmask))
        Attribute 3 (int): reset_mib (Reset MIB counters)
        Attribute 4 (int): enable_jumbo (Enable Jumbo Frames)
        Attribute 5 (int): allow_vid_4095 (Allow VID 4095)
        Attribute 6 (none): apply (Activate changes in the hardware)
        Attribute 7 (none): reset (Reset the switch)
     --vlan
        Attribute 1 (ports): ports (VLAN port mapping)
     --port
        Attribute 1 (string): mib (Get port's MIB counters)
        Attribute 2 (int): pvid (Primary VLAN ID)
        Attribute 3 (unknown): link (Get port link information)

trendy · March 25, 2020, 3:09pm

Looks like it is not capable

alexrebell · March 25, 2020, 4:30pm

is there any router model that exactly supports this function?

mk24 · March 25, 2020, 6:27pm

It looks like Archer A7 (AR8337 switch chip) does, and it should be the same chip in all versions of the C7 as well.
Edgerouter X (MT7621 internal switch) does not.

system · April 4, 2020, 6:27pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.