Dropping vlan traffic to an IDS device

Unanswered Question
Aug 24th, 2007

We have a very busy vlan that we're capturing traffic from and sending it to a Gig port connected to an IDS device. Approximately 20% of the traffic is either being dropped by the switch capture port or the IDS device. We've been told 3% dropped traffic is acceptable and we're trying to figure out how to limit the dropped traffic for that vlan. Any ideas? Thanks,

Dave Magorty

Network Infrastructure

mhellman Fri, 08/24/2007 - 10:59

Depending on the switch, you might be able to switch to using VACLs, which would allow you to be more selective about the traffic you send to the capture port.

davmag Fri, 08/24/2007 - 11:05

It's a 6509E running IOS 12.2(18)SXE4. Do you have any specifics on the ACL? Or do I need to ask under a different forum? Thanks,


attmidsteam Fri, 08/24/2007 - 11:27

Where are you getting the dropped % packet #? On the sensor CLI, type 'sh event status'; if you see 'Missed packet %' messages flowing by, it is a sensor issue (meaning it can't keep up).

