Shifting From Tap Mode To In-Line Mode; Span Port And Hub Monitoring - McAfee M-1250 - Network Security Platform Deployment Manual


McAfee® Network Security Platform 6.0
Sensor Deployment Modes
Figure 9: I-4000 sensor deployed in tap mode

Shifting from tap mode to in-line mode

You can easily shift from tapped to in-line mode. If you are running a Sensor with built-in
taps in internal tap mode, you can toggle between tap and in-line mode with a simple
software configuration command from the Manager's System Configuration tool. Thus, you
can run in tap mode until you feel comfortable with the Sensor's reliability, and then shift
into in-line mode without needing to touch the Sensor. You can also mix modes across the
ports on the I-2700: you can run one pair in in-line mode and others in tap mode. With the
GE-port Sensors, you'll have to do some minimal re-cabling to convert from tap to in-line
mode.

SPAN port and hub monitoring

Sensors can connect to the SPAN port of a switch or to a port on a hub. Most vendors' IDS
Sensors are deployed in this manner, and many beginning Network Security Platform
users choose to deploy in this mode. The Switch Port Analyzer (SPAN) port is designed
for troubleshooting and network analysis so that an attached network analyzer can receive
a copy of every single packet that is sent from one host to another through the switch. The
SPAN port forwards all incoming and outgoing traffic within the switch to a predetermined
port where a Sensor or a sniffer is connected. This is called port forwarding or port
mirroring, and it allows an attached device to monitor all traffic of that switch.

When monitoring SPAN ports and hubs, traffic is typically half-duplex. Only one monitoring
port is required to monitor each SPAN or hub port. You can send a response back through
a hub. You can also send a response back through the SPAN port, provided the switch
supports transmit back through the SPAN port.

Note: If the switch does not support transmit back through the SPAN port, you can send
a response via a Sensor response port.
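
What the mirroring and the transmit-back option look like on one switch family, as an added example that is not part of the McAfee manual. It assumes a Cisco Catalyst switch running IOS; the session number, interface names and VLAN 10 are constructed, and other vendors use different commands.

```cisco
! --- Assumptions (constructed for this example) ---------------------
! Gi0/1   uplink whose traffic is to be monitored
! Gi0/24  port cabled to the Sensor's monitoring port
! VLAN 10 VLAN in which Sensor responses should be forwarded

! Remove any earlier definition of the session before rebuilding it.
no monitor session 1

! Copy traffic received and transmitted on the uplink to the session.
monitor session 1 source interface GigabitEthernet0/1 both

! Variant A: receive-only SPAN destination.
! The switch discards frames arriving from the Sensor on Gi0/24, so
! responses must leave through a separate Sensor response port.
monitor session 1 destination interface GigabitEthernet0/24

! Variant B: SPAN destination with transmit back enabled.
! Replaces the destination line of variant A. Untagged frames arriving
! from the Sensor on Gi0/24 are accepted and forwarded in VLAN 10.
monitor session 1 destination interface GigabitEthernet0/24 ingress untagged vlan 10

! Confirm source, destination and whether ingress is enabled.
show monitor session 1
```

Apply only one of the two destination lines. If the switch rejects the `ingress` keyword, it does not support transmit back on the SPAN destination and the response-port option in the Note applies.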