Cisco Support Community

New Member

Dropping vlan traffic to an IDS device

We have a very busy vlan that we're capturing traffic from and sending it to a Gig port connected to an IDS device. Approximately 20% of the traffic is either being dropped by the switch capture port or the IDS device. We've been told 3% dropped traffic is acceptable and we're trying to figure out how to limit the dropped traffic for that vlan. Any ideas? Thanks,

Dave Magorty

Network Infrastructure

4 REPLIES
Gold

Re: Dropping vlan traffic to an IDS device

Depending on the switch, you might be able to switch to using VACLs, which would allow you to be more selective about the traffic you send to the capture port.

New Member

Re: Dropping vlan traffic to an IDS device

It's a 6509E running IOS 12.2(18)SXE4. Do you have any specifics on the ACL? Or do I need to ask under a different forum? Thanks,

Dave

Gold

Re: Dropping vlan traffic to an IDS device

Here's a pretty good description that includes an example of what you're trying to do:

http://www.flukenetworks.com/fnet/en-us/supportAndDownloads/KB/IT+Networking/SuperAgent/How_do_I_limit_traffic_spanned_to_SuperAgent_on_a_Cisco_6500.htm

Note the "layered" application of ACLs and the use of "action forward" and "action forward capture".
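
As an added example, not taken from the thread or the linked Fluke article, here is what the layered VACL capture configuration looks like on a Catalyst 6500 running IOS. The VLAN number (100), the ACL and access-map names, the capture port (GigabitEthernet3/1) and the decision to send only web and DNS traffic to the sensor are assumptions for illustration; substitute the VLAN and the protocols the IDS actually needs to see.

```cisco
! Assumed for illustration: VLAN 100 is the busy VLAN, Gi3/1 is the port
! wired to the IDS, and only TCP/80, TCP/443 and UDP/53 should reach the sensor.
!
! ACL 1: the subset of traffic the IDS should see. In a VACL the ACL's
! permit lines define what "matches" the access-map entry; they do not
! permit or deny anything by themselves.
ip access-list extended IDS-INTERESTING
 permit tcp any any eq 80
 permit tcp any any eq 443
 permit udp any any eq 53
!
! ACL 2: everything else on the VLAN.
ip access-list extended ANY-IP
 permit ip any any
!
! Layered VLAN access map. Entry 10 forwards matching packets normally AND
! copies them to the capture port. Entry 20 forwards everything else
! unchanged. Entry 20 is not optional: a VLAN access map ends in an
! implicit deny, so without it every packet not matched by entry 10 is dropped.
vlan access-map IDS-CAPTURE 10
 match ip address IDS-INTERESTING
 action forward capture
vlan access-map IDS-CAPTURE 20
 match ip address ANY-IP
 action forward
!
! Apply the map to the busy VLAN only.
vlan filter IDS-CAPTURE vlan-list 100
!
! Make the IDS-facing port a capture port and limit it to VLAN 100 so
! captured traffic from any other VLAN with a capture action does not
! also land on this port.
interface GigabitEthernet3/1
 description IDS sensor (VACL capture port)
 switchport
 switchport capture allowed vlan 100
 switchport capture
 no shutdown
```

Verify with `show vlan access-map IDS-CAPTURE` and `show vlan filter`, then watch the output counters on Gi3/1 to confirm the copied volume now fits in the port's bandwidth. Two caveats: the capture port only emits copies for VLANs in which it is in the spanning-tree forwarding state, and the VACL only reduces what is copied; if the selected subset is still more than the port or the sensor can absorb, the drops move rather than disappear, so check the sensor's own missed-packet statistics as well as the switch.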

Silver

Re: Dropping vlan traffic to an IDS device

Where are you getting the dropped % packet #? On the sensor CLI, type 'sh event status'; if you see 'Missed packet %' messages flowing by it is a sensor issue (meaning it can't keep up).
