SPAN on PPPOE iface ?



  • Hello everyone,

    I want to to mirror my pppoe connection. This pppoe is build on top of a vlan which relies itself on a physical nic.

    0_1539711183999_span_issue.png

    With a bridge and a span port, I am able to mirror traffic from the physical nic (green) and from the vlan interface (blue). But no packet is transmitted to the span port if I try to mirror the pppoe interface itself (orange).

    I saw some answers on previous posts saying that mirror must be done on switch, not on pfsense. But how can you do this if you want to get rid of pppoe information in you mirrored packets ?

    EDIT : pfsense version 2.4.4-RELEASE (amd64)

    Any thoughts/help ?

    Thanks



  • Have you solved your problem ?



  • Hello,

    Unfortunately no.
    I use the upstream switch for the port mirroring and the target (snort/ELK) is smart enough to ignore pppoe encapsulation.


Log in to reply