HP ProCurve Threat Management Solution Design Guide 2009-04
Concepts
The Security Management Life Cycle
Figure 2-8. Local Mirroring
• Remote mirroring—Remote mirroring is similar to local mirroring, except that the
source ports and the mirror ports are on different switches. Mirrored traffic between
the switches is encapsulated in an IPv4 tunnel. Remote mirroring is currently available
on the following switches:
– HP ProCurve 3500yl Series switch
– HP ProCurve 5400zl Series switch
– HP ProCurve 6200yl switch
– HP ProCurve 6600 Series switch
– HP ProCurve 8200zl Series switch
Figure 2-9. Remote Mirroring
■ MAC mirroring—Switches that support MAC mirroring can mirror traffic based on source
MAC address and/or destination MAC address. In a Threat Management Solution, you can
isolate the MAC address of a device that is sending suspicious traffic and use MAC
mirroring to forward this traffic to NIM for further analysis.
[Figure 2-8 diagram labels: ProCurve Switch; Traffic in from Network; Traffic out to Network; Mirrored Traffic; Third-party Security Device]
[Figure 2-9 diagram labels: ProCurve Switch; Traffic in from Network; Traffic out to Network; Mirrored Traffic (in Tunnel); ProCurve Switch; Mirrored Traffic; Third-party Security Device (IDS)]