
The ProCurve 3500yl/5400zl/6200yl Switch Software Update NPI Technical Training

The ProCurve 3500yl/5400zl/6200yl Switch Software Update
NPI Technical Training
Version.0b December
Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Traffic Mirroring
Section

Traffic Mirroring

Allows you to monitor traffic to detect threats or troubleshoot problems

Advantages
- Allows you to monitor traffic from the local switch or from multiple remote switches
- Eliminates the need for a monitoring port on every switch
- Reduces the number of necessary security appliances

[Figure: Stations attach to a 5400zl Switch, where traffic is selected based on port, VLAN, or ACL. Selected traffic is mirrored across the network to another switch (00yl Switch). The destination switch forwards mirrored traffic to the IDS/IPS*.]

*Intrusion detection system (IDS)/Intrusion prevention system (IPS)

Remote Traffic Mirroring

Allows you to monitor traffic to detect threats or troubleshoot problems from across the network and bring information back to the analyzer.
[Figure: Stations, 5400zl Switch, Network, 00yl Switch, IDS/IPS*]

Guidelines for Using Traffic Mirroring

Two types of traffic mirroring:
- Local mirroring: source and destination are on the same switch
- Remote mirroring: source and destination are on different switches

Each switch can be the:
- Originator for four mirror sessions, with the destination on either the local switch or another switch
- Destination for mirror sessions

[Figure: Four mirror sessions originate on the local 5400zl Switch. The 00yl Switch can receive up to additional mirror sessions. IPS/IDS, Network.]

Guidelines for Using Traffic Mirroring (Continued)

For local mirroring, configure exit ports:
- Configure multiple mirror sessions to use the same exit port
- Load balance mirror sessions across multiple exit ports

[Figure: Core, IDS/IPS]

Overview of Configuration Steps

- Configure the destination switch for remote traffic mirroring.
- Configure the source switch.
  - Define the session number and the destination for the mirror session on the source switch.
    - Local traffic mirroring: port on the same switch
    - Remote traffic mirroring: another 3500yl, 5400zl, or 6200yl Switch
  - Define the source interface and the direction of traffic
    - Ports, including mesh ports
    - Static trunks
    - Static virtual LANs (VLANs)
    - Direction of traffic: inbound, outbound, or both directions
  - Apply an optional Access Control List (ACL) to further select traffic.
    - Select inbound traffic on the source interface with an extended or standard ACL

Overview of Configuration Steps

- For remote traffic mirroring, enable jumbo frames to mirror information fields larger than bytes (untagged) or (tagged)
  - On both source and destination switches
  - Any infrastructure switches in between
  - The end stations, in this case the IPS/IDS if you know the originating frame was larger than bytes.

    ProCurve (config)# vlan vlan_id jumbo

[Figure: Mirror session originates on the local 5400zl Switch. The destination is on the remote 00yl Switch. IPS/IDS.]

Configuring the Destination Switch

For remote traffic mirroring, configure the source and destination of the mirror session on the destination switch

    ProCurve_dst_switch(config)# mirror endpoint ip src-ip-add src-udp-port dst-ip-add port port#

These settings must match the settings you will configure on the source switch.

Options
- src-ip-add: IP address of the VLAN or subnet on which the mirrored traffic enters or leaves the source switch
- src-udp-port: The unique UDP port number to use for the session
- dst-ip-add: IP address of the VLAN or subnet for the exit port on the destination switch
- port#: Exit port on the destination switch

Configuring the Source Switch: Remote traffic mirroring

Configure the source switch. For remote traffic mirroring, identify the mirror session, the source, and the destination.

    ProCurve_source_switch(config)# mirror - [name name ] remote ip src-ip-add src-udp-port dst-ip-add

- Replace - with the number to identify this mirror session.
- Assign an optional name if you want an easier way to identify the session.
- Ensure the other settings match those configured on the destination switch.
Configuring the Source Switch: Local traffic mirroring

For local traffic mirroring, identify the session and configure the exit port

    ProCurve_source_switch(config)# mirror - [name name ] port port#

[Figure: Core. Exit port is port. IPS/IDS.]

Configuring the Source Switch: Define the originating interface

Define the originating interface as a port, trunk, or mesh port

    ProCurve_source_switch(config)# interface port/trunk/mesh monitor all [in out both] mirror - [mirror - ...]

Options
- port/trunk/mesh: Port, trunk, or mesh
- [in out both]: Direction of traffic that you want mirrored
  - in = traffic entering port
  - out = traffic exiting port
  - both = all traffic
- -: Number for this mirror session

Configuring the Source Switch: Select the originating interface

Define the originating interface as a VLAN or VLANs

    ProCurve_source_switch(config)# vlan vlan-id monitor all [in out both] mirror - [mirror - ...]

Replace vlan-range with a VLAN or a range of VLANs.

[Figure: VLAN, Network, VLAN, 5400zl Switch]

Using an ACL to Further Select Traffic (Optional)

To use an ACL to select traffic arriving on an interface, enter:

    ProCurve_source_switch(config)# interface port/trunk/mesh monitor ip access-group acl_name in mirror - [mirror - ...]
    ProCurve_source_switch(config)# vlan vlan-id monitor ip access-group acl_name in mirror - [mirror - ...]

Replace acl_name with the name of the ACL you have configured.

Enabling Jumbo Frames
For remote traffic mirroring, enable jumbo frames on the source switch, destination switch, and any intervening infrastructure switches

For example:

    ProCurve_Source (config)# vlan jumbo
    ProCurve_Destination (config)# vlan jumbo
    ProCurve_Infrastructure (config)# vlan jumbo

Traffic Mirroring show Commands

View information about mirror sessions configured on the switch

    ProCurve# show monitor [ - ]

[Sample output: Network Monitoring. Columns: Sessions, Status, Type, Sources. Rows: active port; active IPv; active port; Inactive. Type "Port" = local mirror session; type "IPv" = remote mirror session. Sources indicates # of criteria for mirror session. Mirror endpoint columns: Type, Dest Address, Source Address, UDP Src, UDP Dst, Port.]

Example Configuration

Running configuration: !source switch!

    vlan
       untagged B-B
       ip address
       jumbo
       exit
    mirror remote ip
    interface B
       monitor all both mirror
       exit
    interface B
       monitor all both mirror
       exit

The two interface blocks are the originating interfaces.

Running configuration: !dst switch!

    vlan
       untagged -
       ip address
       jumbo
       exit
    mirror endpoint ip port

[Figure: Source Switch, Destination Switch, IPS/IDS]

...
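
The slides require the `mirror ... remote ip` settings on the source switch to match the `mirror endpoint ip` settings on the destination, and jumbo frames on both sides; a mismatch silently blinds the IDS/IPS. The following checker is an added example, not part of the HP training material. It assumes running-configs laid out like the example configuration above, and every address, UDP port, VLAN id and port name in it is constructed.

```python
import re

# Constructed sample running-configs: addresses, UDP port, VLAN ids and port
# names are made up; the command shapes follow the slides above.
SOURCE_CFG = """\
vlan 10
   untagged B1-B4
   ip address 10.1.10.1 255.255.255.0
   jumbo
   exit
mirror 1 name ids-feed remote ip 10.1.10.1 9300 10.1.20.1
interface B2
   monitor all both mirror 1
   exit
"""
DEST_CFG = """\
vlan 20
   untagged A1-A4
   ip address 10.1.20.1 255.255.255.0
   exit
mirror endpoint ip 10.1.10.1 9300 10.1.20.1 port A1
"""

SRC_RE = re.compile(r"^mirror (\d+)(?: name \S+)? remote ip (\S+) (\d+) (\S+)$", re.M)
DST_RE = re.compile(r"^mirror endpoint ip (\S+) (\d+) (\S+) port \S+$", re.M)
VLAN_RE = re.compile(r"^vlan (\d+)\n((?:[ \t]+.*\n)*)", re.M)

def jumbo_missing(cfg, ip):
    """True if the VLAN block that owns `ip` lacks the 'jumbo' keyword."""
    for _vid, body in VLAN_RE.findall(cfg):
        if re.search(rf"^\s+ip address {re.escape(ip)}\b", body, re.M):
            return not re.search(r"^\s+jumbo\s*$", body, re.M)
    return True  # address is on no VLAN at all: report it

def check_remote_mirror(src_cfg, dst_cfg):
    """Return findings for each remote session; an empty list means consistent."""
    findings = []
    endpoints = set(DST_RE.findall(dst_cfg))  # (src-ip, udp-port, dst-ip) tuples
    for sess, src_ip, udp, dst_ip in SRC_RE.findall(src_cfg):
        if (src_ip, udp, dst_ip) not in endpoints:
            findings.append(f"session {sess}: no matching mirror endpoint")
        if not re.search(rf"^\s+monitor .*\bmirror {sess}\b", src_cfg, re.M):
            findings.append(f"session {sess}: no originating interface")
        if jumbo_missing(src_cfg, src_ip):
            findings.append(f"session {sess}: jumbo off on source VLAN")
        if jumbo_missing(dst_cfg, dst_ip):
            findings.append(f"session {sess}: jumbo off on destination VLAN")
    return findings

if __name__ == "__main__":
    print(check_remote_mirror(SOURCE_CFG, DEST_CFG))
```

With the constructed configs, the only finding is the missing `jumbo` keyword on the destination VLAN; intervening infrastructure switches would need the same check against their own configs.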