Best Practices for GigaStor
Best Practices for GigaStor
When using GigaStor to capture data for long-term forensic analysis, consider the following:
- Capture all traffic of interest on the devices being monitored. In general, use port mirroring sessions because IP VACLs filter out traffic that is not Layer 3, such as STP.
- Configure destination interfaces as trunk ports to export VLAN headers so that VLAN statistics can be calculated. Configure the interface as a trunk port before configuring it as a destination interface. Shut down the port before configuring it to prevent a spanning tree recalculation. Use the vlan allowed command on the trunk port to filter VLANs that are allowed to leave the destination interface.
- Reduce packet loss at the destination interface. Use the switchport trunk allowed vlan command to specify which VLANS are sent out of a destination interface. With this command, you can split the SPAN across multiple destination interfaces and reduce contention. Because GigaStor has up to eight 1-Gigabit interfaces or two 10-Gigabit interfaces, it is well-suited for using multiple destination interfaces.
- If backup traffic consumes too much storage space on the GigaStor, filter the GigaStor active instance to prevent it from writing that data to disk.
Copyright © 2015 CA Technologies.
All rights reserved.
|
|