Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
943
Views
5
Helpful
2
Replies

WSA L4TM SPAN Question

Go to solution
Freemen
Level 1
Level 1

‎03-02-2021 06:23 PM

Hi All,

I have a explicit deployment with pac file, and proxy 12.5 to turn on ip spoofing feature.

 

my setup is as below, so my enable L4TM i will SPAN the uplink GI0/1 destination to the T1 port? does only SPAN uplink is enough? and does it will work with ip spoofing + explicit mode?

 

Screenshot 2021-03-03 at 10.21.13.png

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-03-2021 12:31 AM

From my notes :

 

 

The L4TM monitors traffic , commonly via a SPAN (Switch Prot Analyzer) port from a switch, also called port mirroring.

 

In Duplex mode, you only use T1, to monitor the incoming and outgoing traffic. So T1 is connected to a SPAN port that sees both traffic incoming and outgoing.

 

In Simplex mode, you use T1 for the outbound traffic, and T2 for the inbound traffic. So SPAN the outgoing VLAN to a port connected to T1, and SPAN the incoming VLAN to a port connected to T2.

 

Q: What is the difference between L4TM Simplex and duplex modes?
A: There are two modes that the L4TM interfaces can be configured to use: Simplex and Duplex. This can be configured in GUI -> "Network" -> "Interfaces" -> "L4 Traffic Monitor Wiring".

Duplex mode:
In this mode, both directions of traffic are being spanned to a single L4TM interface (T1/T2) interface.

Simplex mode:
In this mode, client traffic out is sent to T1 and return traffic to the client is sent to T2.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Freemen
Level 1
Level 1
In response to balaji.bandi

‎03-04-2021 11:00 PM

so i SPAN Gi0 and choose Duplex mode should be fine?

 

can you advise how to test? any URL can trigger this L4TM ? and action drop to be observe?

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-03-2021 12:31 AM

From my notes :

 

 

The L4TM monitors traffic , commonly via a SPAN (Switch Prot Analyzer) port from a switch, also called port mirroring.

 

In Duplex mode, you only use T1, to monitor the incoming and outgoing traffic. So T1 is connected to a SPAN port that sees both traffic incoming and outgoing.

 

In Simplex mode, you use T1 for the outbound traffic, and T2 for the inbound traffic. So SPAN the outgoing VLAN to a port connected to T1, and SPAN the incoming VLAN to a port connected to T2.

 

Q: What is the difference between L4TM Simplex and duplex modes?
A: There are two modes that the L4TM interfaces can be configured to use: Simplex and Duplex. This can be configured in GUI -> "Network" -> "Interfaces" -> "L4 Traffic Monitor Wiring".

Duplex mode:
In this mode, both directions of traffic are being spanned to a single L4TM interface (T1/T2) interface.

Simplex mode:
In this mode, client traffic out is sent to T1 and return traffic to the client is sent to T2.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Freemen
Level 1
Level 1
In response to balaji.bandi

‎03-04-2021 11:00 PM

so i SPAN Gi0 and choose Duplex mode should be fine?

 

can you advise how to test? any URL can trigger this L4TM ? and action drop to be observe?

 

0 Helpful
Customers Also Viewed These Support Documents