F5 Mirroring and production traffic using the same VLAN
This is a real life sample alert from indeni
Description:
SOL13478 recommends that you do not mix mirroring and production traffic on the same VLAN. Your mirror IP is 192.168.16.2 which is on 192.168.16.0/24, a production network.
Manual Remediation Steps:
Change the network design and the mirror IPs so they are on a dedicated VLAN.
How does this alert work?
indeni reviews the configuration for the mirroring IPs (those you set via “modify /cm device <device_name> mirror-ip <IP address> mirror-secondary-ip <IP address>”) and compares to them to what it knows regarding traffic flow. If production traffic flows through the same VLAN as the mirroring traffic, an alert will be generated.