Table of Contents
Advertisement
Configuring Port Mirroring
IDS Mirroring Considerations
4.4.2
IDS Mirroring Considerations
An IDS mirror is a one-to-many port mirror that has been designed for use with an Intrusion
Detection System. The following considerations must be taken into account when configuring IDS
mirroring on the Matrix device:
•
As of release 5.xx.xx, mirroring of multiple (unlimited number of) source ports to an IDS
destination port is supported.
•
Eight destination ports must be reserved for an IDS mirror.
•
All DIP/SIP pairs will be transmitted out the same physical port.
•
All non-IP traffic will be mirrored out the first physical port in a LAG. This port will also be used
for IP traffic.
•
Port failure or link recovery in a LAG will cause an automatic re-distribution of the DIP/SIP
conversations.
4.4.3
Active Destination Port Configurations
The Matrix NSA device supports 64 mirroring destination ports. Each Matrix DFE-Platinum Series
device supports 16 mirroring destination ports. These ports can be a mixed variety of port, VLAN,
and IDS combinations. Any or all destination ports can be configured in a many-to-one mirroring
configuration (that is, many sources mirrored to one destination). Examples of destination port
configurations on a DFE-Platinum Series module include:
•
16 port mirrors
•
16 VLAN mirrors
•
8 port and 8 VLAN mirrors
•
12 port and 4 VLAN mirrors
•
8 port and 1 IDS mirror (where the device mirrors to 8 ports)
•
8 VLAN and 1 IDS mirror (where the device mirrors to 8 ports)
NOTE: Eight destination ports must be reserved for an IDS mirror.
4-88 Matrix NSA Series Configuration Guide
Advertisement
Chapters
Table of Contents
