McAfee DTP-1650-MGRA - Network DLP Manager 1650 Appliance Installation Manual page 12

1
Setting up the hardware
Select an integration mode for McAfee DLP Monitor
This method requires a change on the LAN switch, but no downtime is required because network
traffic is not disrupted.
Integrate the appliance using a SPAN port
Task
Connect McAfee DLP Monitor to a network switch using a console cable or network connection
1
(such as Telnet or SSH).
Note the port used to connect the appliance to the LAN switch, and the port used by the WAN
router.
Apply the appropriate SPAN port configuration.
2
Using interface show commands on the switch, verify that traffic is being received on the switch
3
port to which McAfee DLP Monitor is connected.
Save the configuration on the switch.
4
Common configuration
If a SPAN port is configured on a Cisco switch, the WAN router would be connected to
interface "GigabitEthernet1/0/1". The DLP appliance would be connected to interface
"GigabitEthernet1/0/2".
Switch: configure terminal
Switch(config)# interface GigabitEthernet1/0/2
Switch(config‑if)# port monitor GigabitEthernet1/0/1
Switch(config‑if)# end
Switch# show port monitor
Monitor Port
‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
GigabitEthernet1/0/2
Switch# write memory
12 McAfee Data Loss Prevention 9.2.1
With this configuration, some packets might be dropped under heavy loads. As a result, the number of
packets seen by McAfee DLP Monitor might not match the number seen by the ports being monitored.
Port being monitored
GigabitEthernet1/0/1
Installation Guide