06-22-2012 01:47 PM
I have a pair of MLX16e switches set up as an MCT cluster. I would like to attach an intrusion prevention sensor (IPS) to monitor all VLAN 2 traffic. I believe the sensor will need to receive traffic from each MLX, and I have two ports on the IPS sensor for this. There is not a specific example in the 5.1 configuration guide for this scenario. Can anyone share how they have configured their MLX to a traffic analyzer?
06-22-2012 04:45 PM
Can your IDS system support LACP? If so, then create a LACP of two ports on the IDS and a LACP of one port on each side of the MCT. Then set the mirror to the new switch-side LACP port.
Not tested this, but I think it should work.
06-22-2012 05:32 PM
Thanks for the reply. The IPS doesn't LACP, but requires only mirrored traffic. In this case, I would like to monitor (copy) all traffic from VLAN 2 going through the MLX and send it to a mirror port for the IPS to sniff. I know on the old Cisco gear we were using the command was:
monitor session 1 source vlan 2
monitor session 1 destination etc.
Not sure if someone with both a Cisco and a Brocade background could translate this into Brocade syntax?
06-22-2012 10:04 PM
Below is an example of setting up an ACL-based mirror to get all traffic on VLAN 10.
Configuring ACL-based mirroring for ACLs bound to virtual interfaces
For configurations that have an ACL bound to a virtual interface, you must configure the acl-mirror-port command on
a port for each PPCR that is a member of the virtual interface. For example, in the following configuration ports 4/1 and 4/2 share the same PPCR while port 4/3 uses another PPCR.
Brocade(config)# vlan 10
Brocade(config-vlan-10)# tagged ethernet 4/1 to 4/3
Brocade(config-vlan-10)# router-interface ve 10
Brocade(config)# interface ethernet 4/1
Brocade(config-if-e10000-4/1)# acl-mirror-port ethernet 5/1
Brocade(config)# interface ve 10
Brocade(config-vif-10)# ip address 10.10.10.254/24
Brocade(config-vif-10)# ip access-group 101 in
Brocade(config)# access-list 101 permit ip any any mirror
In this configuration, the acl-mirror-port command is configured on port 4/1 which is a member of ve 10. Because of this, ACL-based mirroring will apply to VLAN 10 traffic that arrives on ports 4/1 and 4/2. It will not apply to VLAN 10 traffic that arrives on port 4/3 because that port uses a different PPCR than ports 4/1 and 4/2. To make the configuration apply ACL-based mirroring to VLAN 10 traffic arriving on port 4/3, you must add the following command to the configuration.
Brocade(config)# interface ethernet 4/3
Brocade(config-if-e10000-4/3)# acl-mirror-port ethernet 5/1
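The same pattern applied to the VLAN 2 scenario from the original question, as an added example that is not part of the thread or of the Brocade guide. Everything specific here is an assumption: that ports 1/1 to 1/4 are the VLAN 2 members, that 1/1 and 1/2 share one PPCR and 1/3 and 1/4 share another, that 2/1 is the port cabled to the IPS, and that VLAN 2 has a router interface with the address shown. Check which of your own ports share a PPCR, since acl-mirror-port has to be entered once per PPCR that carries VLAN 2, and enter the configuration on each MLX of the MCT pair separately, each pointing at its own IPS port. Note that an IP ACL of `permit ip any any mirror` bound with `in` copies only inbound IP traffic on those ports; non-IP frames are not matched by it.

```text
! MLX-A (repeat on MLX-B with its own port to the IPS)
! Assumed: 1/1 and 1/2 share a PPCR, 1/3 and 1/4 share another, 2/1 goes to the IPS
Brocade(config)# vlan 2
Brocade(config-vlan-2)# tagged ethernet 1/1 to 1/4
Brocade(config-vlan-2)# router-interface ve 2
Brocade(config)# interface ethernet 1/1
Brocade(config-if-e10000-1/1)# acl-mirror-port ethernet 2/1
Brocade(config)# interface ethernet 1/3
Brocade(config-if-e10000-1/3)# acl-mirror-port ethernet 2/1
Brocade(config)# interface ve 2
Brocade(config-vif-2)# ip address 10.2.0.254/24
Brocade(config-vif-2)# ip access-group 101 in
Brocade(config)# access-list 101 permit ip any any mirror
```

If any VLAN 2 traffic is later found missing at the IPS, the first thing to check is a member port whose PPCR has no acl-mirror-port entry, which is exactly the 4/3 case the guide text above describes.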