An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?
A. The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.
B. The switches were not set up with a monitor session ID that matches the flow ID defined on the Cisco FTD.
C. The Cisco FTD must be in routed mode to process ERSPAN traffic.
D. The Cisco FTD must be configured with an ERSPAN port not a passive port.
Answer is (C).
See section "Guidelines for Inline Sets and Passive Interfaces"
Firewall Mode
- ERSPAN interfaces are only allowed when the device is in routed firewall mode.
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html#id_19616
The Cisco ERSPAN feature allows you to monitor traffic on ports or VLANs and send the monitored traffic to destination ports. The ERSPAN feature requires IP routing to be enabled in the Global Configuration Mode.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9400/software/release/16-6/configuration_guide/nmgmt/b_166_nmgmt_9400_cg/b_166_nmgmt_9400_cg_chapter_01000.pdf
A & C
Passive or ERSPAN Passive—Passive interfaces monitor traffic flowing across a network using a switch SPAN or mirror port. The SPAN or mirror port allows for traffic to be copied from other ports on the switch. This function provides the system visibility within the network without being in the flow of network traffic. When you configure the FTD in a passive deployment, the FTD cannot take certain actions such as blocking or shaping traffic. Passive interfaces receive all traffic unconditionally, and no traffic received on these interfaces is retransmitted. Encapsulated remote switched port analyzer (ERSPAN) interfaces allow you to monitor traffic from source ports distributed over multiple switches, and use GRE to encapsulate the traffic. ERSPAN interfaces are only allowed when the FTD is in routed firewall mode.
Not sure it's C ....
"To process ERSPAN traffic, an FTD device should have an ERSPAN interface configured. The ERSPAN interface is specifically designed to receive and decode ERSPAN traffic. The ERSPAN interface can be connected to an ERSPAN source port on a switch or other devices to capture and analyze the encapsulated ERSPAN traffic."
Isn't it C?
Refer to:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html
"ERSPAN interfaces are only allowed when the FTD is in routed firewall mode"
It's A. If not already in routed mode, the interface couldn't be configured.
upvoted 4 times
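To make the relationship between options A, B and C concrete, here is an added switch-side example (constructed for this page; it is not from the thread or from the Cisco documents cited above). It shows an IOS-XE Catalyst ERSPAN source session that mirrors one access port toward an FTD ERSPAN passive interface. The addresses, the interface name, the session number and the ERSPAN ID are all assumed values. The point it illustrates: ERSPAN wraps the mirrored frames in GRE over IP, so the switch needs IP routing enabled and a Layer 3 path to the FTD (option A's concern), the switch's `erspan-id` must match the Flow ID configured on the FTD ERSPAN interface (option B's concern), and none of that helps if the FTD itself is in transparent mode, because the ERSPAN interface type is only offered in routed mode (option C, the answer the cited guide supports).

```cisco
! Constructed example, added here; not part of the original thread.
! IOS-XE Catalyst ERSPAN source session sending mirrored traffic to an FTD.
! ERSPAN is GRE/IP, so the switch must route to the FTD's ERSPAN interface.
ip routing
!
! Session number is local to the switch; it does not have to match anything on the FTD.
monitor session 1 type erspan-source
 description mirror-access-port-to-FTD
 ! Port whose ingress and egress traffic is copied (assumed interface name)
 source interface GigabitEthernet1/0/10 both
 destination
  ! erspan-id must equal the Flow ID set on the FTD ERSPAN passive interface (assumed 100)
  erspan-id 100
  ! IP address of the FTD ERSPAN interface (assumed, documentation range)
  ip address 192.0.2.10
  ! Source address this switch uses for the GRE tunnel (assumed)
  origin ip address 192.0.2.1
 no shutdown
```

After deploying, `show monitor session 1` on the switch should report the session as active with the ERSPAN destination above; if it does, yet the FTD still shows nothing on the interface, check the FTD's firewall mode before chasing the switch configuration, since a transparent-mode FTD has no ERSPAN interface to deliver the decapsulated traffic to.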
300-710 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other
Commenters (most recent first): Silexis (3 months, 1 week ago), MB2222 (6 months, 3 weeks ago), achille5 (8 months, 1 week ago), cla8829 (1 year, 5 months ago), Bbb78 (1 year, 5 months ago), Bbb78 (1 year, 5 months ago), Initial14 (1 year, 7 months ago), Joe_Blue (1 year, 8 months ago), lapsi (1 year, 8 months ago), Seawanderer (1 year, 9 months ago)