
The ProCurve 3500yl/5400zl/6200yl Switch Software Update NPI Technical Training

NPI Technical Training Version 1.0b, 6 December 2006. Traffic Mirroring Section.


Presentation Transcript


  1. NPI Technical Training Version 1.0b 6 December 2006 The ProCurve 3500yl/5400zl/6200yl Switch Software Update NPI Technical Training

  2. Traffic Mirroring Section

  3. Traffic Mirroring
  [Figure: hp procurve xl Gig-T/GBIC module (J4907A) faceplate. 10/100/1000-T Ports (1-14, 15T, 16T), ports are IEEE Auto MDI/MDI-X. Dual-Personality Ports: 10/100/1000-T (T) or Mini-GBIC (M); use only one (T or M) for each Dual-Personality Port.]
  • Allows you to monitor traffic to detect threats or troubleshoot problems
  • Advantages
    • Allows you to monitor traffic from the local switch or from multiple remote switches
    • Eliminates the need for a monitoring port on every switch
    • Reduces the number of necessary security appliances
  [Diagram: Stations, 5400zl Switch, Network, 3500yl Switch, IDS/IPS*. Selected traffic is mirrored to another switch; traffic is selected based on port, VLAN, or ACL. The destination switch forwards mirrored traffic to the IDS/IPS.]
  *Intrusion detection system (IDS)/Intrusion prevention system (IPS)

  4. Remote Traffic Mirroring
  [Figure: J4907A xl module faceplate, as on slide 3.]
  • Allows you to monitor traffic to detect threats or troubleshoot problems from across the network and bring information back to the analyzer.
  [Diagram: Stations, 5400zl Switch, Network, 3500yl Switch, IDS/IPS*.]
  *Intrusion detection system (IDS)/Intrusion prevention system (IPS)

  5. Guidelines for Using Traffic Mirroring
  [Figure: J4907A xl module faceplate, as on slide 3.]
  • Two types of traffic mirroring:
    • Local mirroring—source and destination are on the same switch
    • Remote mirroring—source and destination are on different switches
  • Each switch can be the:
    • Originator for four mirror sessions, with the destination on either the local switch or another switch
    • Destination for 32 mirror sessions
  [Diagram: 5400zl Switch, Network, 3500yl Switch, IPS/IDS. Four mirror sessions originate on the local 5400zl Switch; the 3500yl Switch can receive up to 28 additional mirror sessions.]

  6. Guidelines for Using Traffic Mirroring, Continued
  • For local mirroring, configure exit ports:
    • Configure multiple mirror sessions to use the same exit port
    • Load balance mirror sessions across multiple exit ports
  [Diagram: switch with ports 1-12, connected to the Core and to an IDS/IPS; callouts 1 and 2 mark the two exit-port options above.]

  7. Overview of Configuration Steps
  • 1. Configure the destination switch for remote traffic mirroring.
  • 2. Configure the source switch.
    • Define the session number and the destination for the mirror session on the source switch.
      • Local traffic mirroring—port on the same switch
      • Remote traffic mirroring—another 3500yl, 5400zl, or 6200yl Switch
    • Define the source interface and the direction of traffic
      • Ports, including mesh ports
      • Static trunks
      • Static virtual LANs (VLANs)
      • Direction of traffic—inbound, outbound, or both directions
    • Apply an optional Access Control List (ACL) to further select traffic.
      • Select inbound traffic on the source interface with an extended or standard ACL

  8. Overview of Configuration Steps
  [Figure: J4907A xl module faceplate, as on slide 3.]
  • For remote traffic mirroring, enable jumbo frames to mirror information fields larger than 1446 bytes (untagged) or (tagged)
    • On both source and destination switches
    • Any infrastructure switches in between
    • The end stations, in this case the IPS/IDS, if you know the originating frame was larger than 1522 bytes.
  ProCurve (config)# vlan <vlan_id> jumbo
  [Diagram: 5400zl Switch, 3500yl Switch, IPS/IDS. The mirror session originates on the local 5400zl Switch; the destination is on the remote 3500yl Switch.]

  9. Configuring the Destination Switch
  • For remote traffic mirroring, configure the source and destination of the mirror session on the destination switch
  ProCurve_dst_switch(config)# mirror endpoint ip <src-ip-add> <src-udp-port> <dst-ip-add> port <port#>
  Options: these settings must match the settings you will configure on the source switch.

  10. Configuring the Source Switch: Remote traffic mirroring
  • Configure the source switch
  • For remote traffic mirroring, identify the mirror session, the source, and the destination.
    • Replace <1-4> with the number to identify this mirror session.
    • Assign an optional name if you want an easier way to identify the session.
    • Ensure the other settings match those configured on the destination switch.
  ProCurve_source_switch(config)# mirror <1-4> [name <name>] remote ip <src-ip-add> <src-udp-port> <dst-ip-add>

  11. Configuring the Source Switch: Local traffic mirroring
  • For local traffic mirroring, identify the session and configure the exit port
  ProCurve_source_switch(config)# mirror <1-4> [name <name>] port <port#>
  [Diagram: switch with ports 1-12, connected to the Core and to an IPS/IDS; callout 1: the exit port is port 8.]

  12. Configuring the Source Switch: Define the originating interface
  • Define the originating interface as a port, trunk, or mesh port
  ProCurve_source_switch(config)# interface <port/trunk/mesh> monitor all [in | out | both] mirror <1-4> [mirror <1-4> . . .]

  13. Configuring the Source Switch: Select the originating interface
  • Define the originating interface as a VLAN or VLANs
  • Replace <vlan-range> with a VLAN or a range of VLANs.
  ProCurve_source_switch(config)# vlan <vlan-ID> monitor all [in | out | both] mirror <1-4> [mirror <1-4> . . .]
  [Diagram: 5400zl Switch with VLAN 1 and VLAN 2, connected to the Network.]

  14. Using an ACL to Further Select Traffic (Optional)
  • To use an ACL to select traffic arriving on an interface, enter:
  • Replace <acl_name> with the name of the ACL you have configured.
  ProCurve_source_switch(config)# interface <port/trunk/mesh> monitor ip access-group <acl_name> in mirror <1-4> [mirror <1-4> . . .]
  ProCurve_source_switch(config)# vlan <vlan-ID> monitor ip access-group <acl_name> in mirror <1-4> [mirror <1-4> . . .]

  15. Enabling Jumbo Frames
  • For remote traffic mirroring, enable jumbo frames on the source switch, destination switch, and any intervening infrastructure switches
  • For example:
  ProCurve_Source (config)# vlan 8 jumbo
  ProCurve_Destination (config)# vlan 8 jumbo
  ProCurve_Infrastructure (config)# vlan 8 jumbo

  16. Traffic Mirroring show Commands
  • View information about mirror sessions configured on the switch
  ProCurve# show monitor [<1-4>]
   Network Monitoring
   Sessions  Status    Type   Sources
   --------  --------  -----  -------
   1         active    port   1
   2         active    IPv4   3
   3         active    port   1
   4         Inactive
   Mirror endpoint
   Type  Dest Address  Source Address  UDP Src  UDP Dst  Port
   ----  ------------  --------------  -------  -------  ----
   IPv4  10.8.1.100    10.8.1.1        8453     3279     A17
  Callouts: Type "port" = local mirror session; Type "IPv4" = remote mirror session; the Sources column indicates the number of criteria for the mirror session.

  17. Example Configuration
  [Figure: J4907A xl module faceplate, as on slide 3.]
  Running configuration, source switch (10.8.1.1):
   !Source switch!
   vlan 8
      untagged B1-B24
      ip address 10.8.1.1 255.255.255.0
      jumbo
      exit
   mirror 1 remote ip 10.8.1.1 1000 10.8.1.100
   interface B1
      monitor all both mirror 1
      exit
   interface B2
      monitor all both mirror 1
      exit
  Running configuration, destination switch (10.8.1.100):
   !Dst switch!
   vlan 8
      untagged 1-5
      ip address 10.8.1.100 255.255.255.0
      jumbo
      exit
   mirror endpoint ip 10.8.1.1 1000 10.8.1.100 port 22
  [Diagram: Source Switch 10.8.1.1 (originating interface on B1/B2), Destination Switch 10.8.1.100, IPS/IDS on port 22.]
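A consistency check over a pair of running-configs like the ones above, as an added example that is not part of the deck and not ProCurve software: it parses the source switch's "mirror <1-4> ... remote ip" lines and the destination's "mirror endpoint ip" lines, reports any session with no matching endpoint (the values must match, as slides 9 and 10 stress), and flags a carrying VLAN that lacks jumbo frames (slides 8 and 15). The embedded configs are constructed, modelled on slide 17, with a deliberate mismatch so the checker has something to report.

```python
import ipaddress
import re
SRC_CFG = """vlan 8
   ip address 10.8.1.1 255.255.255.0
   jumbo
   exit
mirror 1 remote ip 10.8.1.1 1000 10.8.1.100
mirror 2 name ids remote ip 10.8.1.1 1001 10.8.1.100
"""  # constructed sample modelled on slide 17, not the deck's own text
DST_CFG = """vlan 8
   ip address 10.8.1.100 255.255.255.0
   exit
mirror endpoint ip 10.8.1.1 1000 10.8.1.100 port 22
"""  # constructed: no "jumbo" on VLAN 8 and no endpoint for session 2
REMOTE_RE = re.compile(r"^mirror ([1-4]) (?:name \S+ )?remote ip (\S+) (\d+) (\S+)$")
ENDPOINT_RE = re.compile(r"^mirror endpoint ip (\S+) (\d+) (\S+) port \S+$")

def parse(cfg):
    """Return (vlans, sessions, endpoints); vlans is a list of [IPv4Network, jumbo_enabled]."""
    vlans, sessions, endpoints, cur = [], {}, set(), None
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith("vlan "):                 # enter a VLAN context
            vlans.append(cur := [None, False])
        elif line == "exit":
            cur = None
        elif cur is not None and line.startswith("ip address "):
            cur[0] = ipaddress.ip_interface("/".join(line.split()[2:4])).network
        elif cur is not None and line == "jumbo":
            cur[1] = True
        elif m := REMOTE_RE.match(line):             # session defined on the source switch
            sessions[int(m.group(1))] = (m.group(2), int(m.group(3)), m.group(4))
        elif m := ENDPOINT_RE.match(line):           # endpoint defined on the destination switch
            endpoints.add((m.group(1), int(m.group(2)), m.group(3)))
    return vlans, sessions, endpoints

def jumbo_ok(vlans, ip):
    return any(net and ipaddress.ip_address(ip) in net and jumbo for net, jumbo in vlans)

def check(src_cfg, dst_cfg):
    """List mismatches between the source switch config and the destination switch config."""
    s_vlans, sessions, _ = parse(src_cfg)
    d_vlans, _, endpoints = parse(dst_cfg)
    problems = []
    for sess, (src, udp, dst) in sorted(sessions.items()):
        if (src, udp, dst) not in endpoints:
            problems.append(f"session {sess}: no 'mirror endpoint ip {src} {udp} {dst}' on destination")
        for side, vlans, ip in (("source", s_vlans, src), ("destination", d_vlans, dst)):
            if not jumbo_ok(vlans, ip):
                problems.append(f"session {sess}: jumbo not enabled on the {side} VLAN for {ip}")
    return problems
```

Run `check(SRC_CFG, DST_CFG)` to see the three findings; fixing the destination config (adding `jumbo` and the second endpoint) makes it return an empty list.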
