Configuring Port Mirroring
IDS Mirroring Considerations
Matrix DFE-Platinum and Diamond Series Configuration Guide 4-89
4.4.2 IDS Mirroring Considerations
An IDS mirror is a one-to-many port mirror that has been designed for use with an Intrusion
Detection System. The following considerations must be taken into account when configuring IDS
mirroring on the Matrix device:
• As of release 5.xx.xx, mirroring of multiple (unlimited number of) source ports to an IDS
destination port is supported.
• Eight destination ports must be reserved for an IDS mirror.
• All DIP/SIP pairs will be transmitted out the same physical port.
• All non-IP traffic will be mirrored out the first physical port in a LAG. This port will also be used
for IP traffic.
• Port failure or link recovery in a LAG will cause an automatic re-distribution of the DIP/SIP
conversations.
4.4.3 Active Destination Port Configurations
The Matrix NSA device supports 64 mirroring destination ports. Each Matrix DFE-Platinum Series
device supports 16 mirroring destination ports. These ports can be a mixed variety of port, VLAN,
and IDS combinations. Any or all destination ports can be configured in a many-to-one mirroring
configuration (that is, many sources mirrored to one destination). Examples of destination port
configurations on a DFE-Platinum Series module include:
• 16 port mirrors
• 16 VLAN mirrors
• 8 port and 8 VLAN mirrors
• 12 port and 4 VLAN mirrors
• 8 port and 1 IDS mirror (where the device mirrors to 8 ports)
• 8 VLAN and 1 IDS mirror (where the device mirrors to 8 ports)
NOTE: Eight destination ports must be reserved for an IDS mirror.
To Next Page
Loading...
