Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

231

232

233

234

235

236

237

238

239

240

Overview of Port Mirroring Configurations on Enterasys Switches

May 04, 2011 Page 5 of 15

RefertotheLinkAggregationsectionofyourdevice’sConfigurationGuideorCLIReferenceformore

information.

Whenusedasasourceportinamirror,LAGportsactidenticallytoasinglephysicalport.Either

dynamicorstaticLAGscanbeusedassourceports.Whenusedasadestination

portinamirror,

themirrorisconfiguredasanIDSmirrorasdescribedinthenextsection.OnlystaticLAGscanbe

usedasdestinationports.

IDS Mirrors

SinceIDSdevicesarenormallybandwidthlimited,theybenefitfromdistributionofmirroreddata

acrossmultipleports(forexample,aGigabitportmirroredtomultiple FastEthernetports).

AnIDSmirrorisaone‐to‐manyportmirrorthathasbeendesignedforusewithanIntrusion

DetectionSystem.Thetarget

(destination)portofanIDSmirrormustbeavirtualLAGportthat

youadministrativelysetcalledastaticLAG.Onceconfigured,anIDSmirrorload‐sharestraffic

amongalldestinationportsintheLAGyousetastheportmirror.

Thesystemhashesthesourceportconversationbasedonsource

anddestinationIP(SIP/DIP)

addresspairsandsendsthesamepairsoutthesamephysicalportinthedestinationmirror. This

way,eachIDSdevicewillseealloftheconversationsbetween aDIP/SIPandwillnotduplicatethe

sameinformationoutmultipledestinationports.WhenIDSmirroringisenabled,the

system

performsaLayer3lookupforallframes.Allnon‐IPtraffic(includingcontrolframes)issenttoan

arbitrary,“designated”physicalout‐port.ThisportisincludedintheDIP/SIPhashlist.Ifthe

switchdetectsafailureofanyofthephysicalportsintheLAG,it

willautomaticallyredistribute

theDIP/SIPconversationsamongtheremainingportsinthe LAG.WithIDSmirroring,source

trafficisload‐sharedamongalldestinationportstoensurenopacketloss.

WhenconfiguringIDSmirroringonyourN‐SeriesDiamondorPlatinu m ,S‐Series,orK‐Series

device,youmusttakeinto

considerationthefollowing:

•OnlyoneIDSmirrorisallowedperchassis.

•Asofrelease5.xx.xx,mirroringofmultiple(unlimitednumberof)sourceportstoanIDS

destinationportissupported.

•TendestinationportsmustbereservedforanIDSmirror.

•AllDIP/SIPpairswillbetransmittedoutthesamephysicalport.

•Allnon‐

IPtrafficwillbemirroredoutthefirstphysicalportinaLAG.Thisportwillalsobe

usedforIPtraffic.

•PortfailureorlinkrecoveryinaLAGwillcauseanautomaticre‐distributionoftheDIP/SIP

conversations.

Referto“Example:ConfiguringanIDSMirror”onpage 14formore

information.

Note: This function is supported only on N-Series Platinum and Diamond, S-Series, and K-Series

switches.