HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
Set Up Remote Mirroring
When the source port (the traffic of interest) and the destination port (the IDS) are on different
switches, the process uses remote mirroring. Mirrored traffic between the source and destination
switches is encapsulated in an IPv4 tunnel.
Static remote port mirroring is similar to static local port mirroring, described previously. You
can set up static remote port mirroring using PCM+ as follows:
1. Evaluate the path between the source port and the destination port.
a. Make sure that the source and destination switches both support remote mirroring.
Remote mirroring is supported on the following HP ProCurve switches:
3500yl
5400zl
6200yl
6600
8212zl
b. Make sure that any intermediate switches between the source and destination
switches have jumbo frames enabled. Intermediate switches between the source and
destination switches do not need to support remote mirroring since they are just
passing encapsulated traffic. But if the traffic being passed includes full-sized frames,
then some of the encapsulated traffic (the full frames plus their encapsulating
wrappers) will include oversize frames. To prevent these frames from being truncated
or dropped, the intermediate switches must have jumbo frames enabled.
2. Set up the mirror (destination) port. This is the port to which the IDS is attached.
a. Select the destination switch in its group in the left navigation tree.
b. Click the Port List tab.
c. Click the Port Status subtab.
d. Select the destination port in the list.
e. Click the Tools Menu icon on the toolbar and select Configure Mirror Port.
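
A pre-flight check for step 1 above, as an added example that is not part of the HP guide: it tests a path inventory against the supported-model list and the jumbo-frame requirement, and reports which mirrored frames the IDS would lose. The `Hop` record, the switch names, the frame sizes and the 54-byte tunnel overhead are assumptions; take the real overhead from the switch documentation for your software release.

```python
from dataclasses import dataclass

# Models the guide lists as supporting remote mirroring.
REMOTE_MIRROR_MODELS = {"3500yl", "5400zl", "6200yl", "6600", "8212zl"}
ENCAP_OVERHEAD = 54   # assumption: bytes added by the IPv4 tunnel wrapper
FULL_FRAME = 1522     # assumption: largest mirrored frame (802.1Q-tagged, with FCS)

@dataclass
class Hop:                # hypothetical inventory record
    name: str
    model: str
    max_frame: int        # largest frame in bytes the switch forwards on this path

def check_mirror_path(path, largest=FULL_FRAME, overhead=ENCAP_OVERHEAD):
    """Return findings for step 1; path[0] is the source switch, path[-1] the destination."""
    if len(path) < 2:
        raise ValueError("remote mirroring needs separate source and destination switches")
    findings = []
    # Step 1a: both tunnel endpoints must support remote mirroring.
    for role, hop in (("source", path[0]), ("destination", path[-1])):
        if hop.model not in REMOTE_MIRROR_MODELS:
            findings.append(f"{hop.name}: {role} model {hop.model} lacks remote mirroring")
    # Step 1b: intermediate switches only forward the tunnel, but must pass
    # a full-sized frame plus its wrapper without truncating or dropping it.
    for hop in path[1:-1]:
        if hop.max_frame < largest + overhead:
            visible = hop.max_frame - overhead  # largest original frame that survives
            findings.append(f"{hop.name}: enable jumbo frames; mirrored frames over "
                            f"{visible} bytes will not reach the IDS intact")
    return findings

# Constructed sample path (names and sizes are illustrative, not from the guide).
SAMPLE_PATH = [
    Hop("edge-a", "5400zl", 9220),
    Hop("dist-1", "generic-l2", 1522),   # jumbo frames not enabled
    Hop("core-1", "generic-l2", 9220),   # jumbo frames enabled
    Hop("ids-sw", "3500yl", 9220),
]

if __name__ == "__main__":
    for finding in check_mirror_path(SAMPLE_PATH):
        print(finding)
```

An empty result means the path passes both checks in step 1; any finding marks a hop where the IDS would silently miss or receive damaged copies of large frames.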