09-06-2016 07:33 AM - edited 03-10-2019 01:10 PM
I'd just like to check my understanding of a Destination Port in Local SPAN. Let's say our port is connected to an IDS/IPS device. Is this port supposed to be able to forward or receive normal traffic? If the IDS/IPS detects something naughty, how does it send a RST to drop the connection?
What is "ingress traffic forwarding" and do I need to enable it?
• The port does not transmit any traffic except that required for the SPAN session.
• If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.
Any help is appreciated. Thanks!
09-06-2016 11:12 AM
Hello,
When ingress is enabled, the SPAN destination port accepts incoming packets, which are potentially tagged depending on the specified encapsulation mode, and switches them normally. When you configure a SPAN destination port, you can specify whether or not the ingress feature is enabled and what VLAN to use to switch untagged ingress packets. The specification of an ingress VLAN is not required when ISL encapsulation is configured, as all ISL-encapsulated packets have VLAN tags. Although the port is STP forwarding, it does not participate in STP, so use caution when you configure this feature lest a spanning-tree loop be introduced in the network. When both ingress and a trunk encapsulation are specified on a SPAN destination port, the port goes into the forwarding state in all active VLANs. The configuration of a non-existent VLAN as an ingress VLAN is not allowed.
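The two situations the question and answer describe, written out as Catalyst IOS configuration. This is an added illustration, not part of the thread; the interface names, session number 1 and VLAN 10 are assumed.

```cisco
! Added example (not from the thread). Assumed: monitored host on Gi1/0/1,
! IDS/IPS sensor on Gi1/0/2, VLAN 10 is where the sensor's injected frames belong.

! --- Case 1: passive IDS, ingress left disabled (the default) ---
! The destination port only transmits mirrored copies. Frames the sensor
! sends into Gi1/0/2 are dropped, so a TCP RST from the sensor goes nowhere
! unless the sensor has a second, normal switch port for that purpose.
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination interface GigabitEthernet1/0/2

! --- Case 2: IPS that must send RSTs back through the SPAN port ---
! "ingress untagged vlan 10": untagged frames from the sensor are switched
! normally as VLAN 10 traffic. "encapsulation replicate" keeps the original
! 802.1Q tags on the mirrored copies so the sensor sees the real VLAN IDs.
no monitor session 1
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination interface GigabitEthernet1/0/2 encapsulation replicate ingress untagged vlan 10

! Check that the session and its Ingress setting took effect:
! show monitor session 1
!
! Caveat from the answer: the destination port is STP forwarding but does not
! run STP. Keep the sensor's injection path on this single link only; a second
! cable from the sensor into the same broadcast domain can form a loop that
! STP will not block.
```

VLAN 10 must already exist on the switch, since the answer notes that a non-existent VLAN is rejected as an ingress VLAN.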