Hi everyone,
I'm trying to configure port mirroring on a ProCurve 3500yl switch that will allow me to mirror traffic for a certain IP or IP block to the mirror port where IDS is attached.
For example I have a machine X attached to port 2 where I have several virtual hosts running, but I don't want to mirror the whole port to the IDS so I don't get the traffic for/from other VMs only a specific one that has IP 10.10.10.7
I looked in the documentation and it seems starting with version K.14.01 they made something that's called Advanced Classifier-Based Mirroring, but it says it only does inbound traffic selection for mirroring and doesn't support mirroring of outbound traffic exiting the switch. What does it mean outbound exiting the switch? To the VM? So it's basically unidirectional and not bi-directional, if I want to filter by IP?
How can I monitor all traffic for that specific IP, incoming and outgoing on that port?
Thanks,
Sam