Dropping vlan traffic to an IDS device

Unanswered Question
Aug 24th, 2007

We have a very busy vlan that we're capturing traffic from and sending it to a Gig port connected to an IDS device. Approximately 20% of the traffic is either being dropped by the switch capture port or the IDS device. We've been told 3% dropped traffic is acceptable and we're trying to figure out how to limit the dropped traffic for that vlan. Any ideas? Thanks,

Dave Magorty

Network Infrastructure

mhellman Fri, 08/24/2007 - 10:59

Depending on the switch, you might be able to switch to using VACLs, which would allow you to be more selective about the traffic you send to the capture port.

davmag Fri, 08/24/2007 - 11:05

It's a 6509E running IOS 12.2(18)SXE4. Do you have any specifics on the ACL? Or do I need to ask under a different forum? Thanks,

Dave

attmidsteam Fri, 08/24/2007 - 11:27

Where are you getting the dropped % packet #? On the sensor CLI, type 'sh event status'; if you see 'Missed packet %' messages flowing by it is a sensor issue (meaning it can't keep up).
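An illustration of the VACL-capture approach mhellman suggests, written as an added example rather than configuration taken from any of the posters. It assumes the busy VLAN is 100, the sensor hangs off GigabitEthernet3/1, and only HTTP/HTTPS needs inspecting; all of those are constructed values for a Catalyst 6500 in native IOS, and would be adapted to the real VLAN, port and protocols of interest.

```text
! Added example: send only selected VLAN 100 traffic to the IDS port
! via VACL capture instead of mirroring the whole VLAN with SPAN.
! VLAN 100, GigabitEthernet3/1 and the protocol list are assumed values.
!
! 1. Classify the traffic the sensor should actually see.
ip access-list extended IDS-CAPTURE
 permit tcp any any eq 80
 permit tcp any eq 80 any
 permit tcp any any eq 443
 permit tcp any eq 443 any
!
! 2. Copy matching packets to the capture port; everything else is
!    forwarded normally. The sequence-20 clause with no match is
!    required: a VACL ends with an implicit deny, so without it the
!    non-matching traffic on the VLAN would be dropped, not just left
!    out of the capture.
vlan access-map IDS-CAP 10
 match ip address IDS-CAPTURE
 action forward capture
vlan access-map IDS-CAP 20
 action forward
!
! 3. Apply the map to the busy VLAN.
vlan filter IDS-CAP vlan-list 100
!
! 4. Make the sensor-facing port a capture port for that VLAN.
interface GigabitEthernet3/1
 description IDS sensor (VACL capture port)
 switchport
 switchport capture allowed vlan 100
 switchport capture
```

After applying it, `show vlan filter` and `show vlan access-map IDS-CAP` confirm the map is bound to VLAN 100, and the capture port's output counters can be compared against the sensor's own missed-packet figure. The capture port is still limited to the Gig port's line rate, so the point of the filter is to keep the selected subset comfortably below that; if the sensor keeps reporting missed packets on the reduced feed, the bottleneck is the sensor rather than the switch, which is the distinction attmidsteam's check is meant to draw.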
