I am running a pair of ASA 5510's in active/passive and Gi0/1 is my Active ASA and Gi0/2 is my passive ASA.
I have a single IDS box that is also my internal syslog repository running on Gi0/16. There is only one NIC in this machine and one IP.
My problem is that syslog messages destined for the IDS box are duplicated in the logs. I have found that if I change the source to only one port, the duplication goes away. Also, if I change the source to only Rx or Tx the duplication goes away at all. So my question is how are these being duplicated if a unicast message is destined for a device attached to Gi0/16. Why does my SPAN configuration come into play at all here? I am sure it has something to do with the ingress command and having both mirrored traffic and standard traffic travel over the same nic/switchport. I need someone to help me understand this. Thank you in advance.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...