3

I may be installing an IDS that has a maximum throughput of 150 Mbps. Instead of putting it inline on my main gigabit port to the rest of the network, I would like to just mirror that port and install the IDS on that. The question I have is: will I still see a performance hit on the port that I am mirroring when the mirrored port is connected to such a slow device?

pizzim13
  • 197

1 Answer

3

No. I suppose that your IDS could "drop" mirrored traffic in excess of its capacity, but it would not affect anything upstream.

One thing to consider is that your switch may allow only one mirroring configuration, to a single port; is there a chance that you would ever need to mirror anything else on the same switch?

Skyhawk
  • 14,240
  • We had your scenario on a VoIP network once. They port-mirrored and then attached a 10Mb hub, problem solved ;) (if you can find a hub and if 10Mb is enough throughput) – Mark Henderson Nov 03 '10 at 02:31
  • We have some BayStack 253s (24-port 100M hubs) for this purpose. You should be able to get them at prices in the neighborhood of $50-70 each from resellers that specialize in refurbished equipment. I like CXtec for this sort of thing because they slap a lifetime warranty on every used item they sell, but I'm sure there are other good options too. – Skyhawk Nov 03 '10 at 15:47
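
Added example, not part of the original thread: since a mirror port silently discards what the IDS cannot absorb, one way to see whether the sensor is oversubscribed is to compare two `/proc/net/dev` snapshots from a Linux-based sensor against the 150 Mbps rating. The interface name `eth1`, the 10-second interval and the snapshot values are constructed assumptions.

```python
IDS_CAPACITY_MBPS = 150  # rated IDS throughput from the question

# Constructed /proc/net/dev snapshots taken 10 s apart; eth1 is the assumed
# name of the sensor NIC attached to the mirror port.
HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|"
    "bytes    packets errs drop fifo colls carrier compressed\n"
)
SNAP_BEFORE = HEADER + "  eth1: 1000000000 1000000 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n"
SNAP_AFTER = HEADER + "  eth1: 1250000000 1300000 0 1200 0 0 0 0 0 0 0 0 0 0 0 0\n"


def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, rx_drop)} from /proc/net/dev text."""
    counters = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # the two header lines carry no interface name
        name, data = line.split(":", 1)
        fields = data.split()
        if len(fields) >= 4:
            # Receive columns: bytes, packets, errs, drop, ...
            counters[name.strip()] = (int(fields[0]), int(fields[3]))
    return counters


def sensor_load(before, after, iface, interval_s, capacity_mbps=IDS_CAPACITY_MBPS):
    """Compare the mirrored traffic rate on iface with the IDS capacity."""
    b_bytes, b_drop = parse_proc_net_dev(before)[iface]
    a_bytes, a_drop = parse_proc_net_dev(after)[iface]
    mbps = (a_bytes - b_bytes) * 8 / interval_s / 1_000_000
    return {
        "mbps": mbps,
        "rx_dropped": a_drop - b_drop,  # drops at the NIC/kernel only
        "oversubscribed": mbps > capacity_mbps,
    }


if __name__ == "__main__":
    print(sensor_load(SNAP_BEFORE, SNAP_AFTER, "eth1", 10))
```

These counters cover only the sensor's interface; packets discarded by the switch on the mirror port or inside the IDS software itself have to be read from those devices' own statistics.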