08-24-2007 10:24 AM - edited 03-10-2019 03:45 AM
We have a very busy VLAN that we're capturing traffic from and sending to a Gig port connected to an IDS device. Approximately 20% of the traffic is being dropped by either the switch capture port or the IDS device. We've been told 3% dropped traffic is acceptable and we're trying to figure out how to limit the dropped traffic for that VLAN. Any ideas? Thanks,
Dave Magorty
Network Infrastructure
08-24-2007 10:59 AM
Depending on the switch, you might be able to switch to using VACLs, which would allow you to be more selective about the traffic you send to the capture port.
08-24-2007 11:05 AM
It's a 6509E running IOS 12.2(18)SXE4. Do you have any specifics on the ACL? Or do I need to ask under a different forum? Thanks,
Dave
08-24-2007 12:20 PM
Here's a pretty good description that includes an example of what you're trying to do:
Note the "layered" application of ACLs and the use of "action forward" and "action forward capture".
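A sketch of the layered VACL capture setup discussed above, added here as an example; it is not from the thread or from the description the reply refers to. The VLAN number (100), the interface (Gi1/1), the 192.0.2.0/24 server subnet and all ACL and map names are assumptions chosen for illustration.

```cisco
! Added example: selective VACL capture on a Catalyst 6500 (IOS 12.2SX syntax).
! VLAN 100, Gi1/1, 192.0.2.0/24 and every name below are illustrative assumptions.

! Layer 1: the traffic the IDS should actually inspect
! (here: anything to or from a hypothetical server subnet).
ip access-list extended IDS-INTERESTING
 permit ip any 192.0.2.0 0.0.0.255
 permit ip 192.0.2.0 0.0.0.255 any

! Layer 2: everything else on the VLAN.
ip access-list extended IDS-EVERYTHING
 permit ip any any

! Sequence 10: forward the interesting traffic normally AND copy it
! to the capture port.
vlan access-map IDS-CAPTURE 10
 match ip address IDS-INTERESTING
 action forward capture

! Sequence 20: forward the rest without copying it. Without this clause
! the VACL's implicit deny would drop all other IP traffic on the VLAN.
vlan access-map IDS-CAPTURE 20
 match ip address IDS-EVERYTHING
 action forward

! Apply the map to the monitored VLAN.
vlan filter IDS-CAPTURE vlan-list 100

! The Gig port facing the IDS receives only the captured copies.
interface GigabitEthernet1/1
 switchport
 switchport capture
 switchport capture allowed vlan 100
```

Narrowing the first ACL reduces the load on the Gig port and the sensor, but anything it excludes is no longer seen by the IDS, so the selection should follow what the sensor is expected to detect.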
08-24-2007 11:27 AM
Where are you getting the dropped % packet #? On the sensor CLI, type 'sh event status'; if you see 'Missed packet %' messages flowing by it is a sensor issue (meaning it can't keep up).