DLP Network Monitor floods the network when the span port is enabled.

Article ID: 171450

Products

Data Loss Prevention Network Monitor

Issue/Introduction

Data Loss Prevention (DLP)
Install and configure the Network Monitor.
Enable monitoring.
Enable the switch span port.
The Network Monitor then floods the network that is not connected to the span port with so many packets that the network goes down.
Disabling the span port brings the network back up.

Cause

There was a third network connection on the server.
That connection was, in some unknown way, causing a network loop when the span port on the switch was enabled.

Environment

DLP 15.0
The Monitor Server is an HP ProLiant DL36JG5 running Windows Server 2008 R2.
The server is connected to a Cisco Catalyst 3850 WS-C3850-48U.
The Cisco switch is running IOS CAT3k-CAA-Universal-K9M.

Resolution

Deleted the third network connection on the Monitor server.
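
One way to spot an extra connection like the one described above before enabling the span port. This is an added example, not part of the original article or the vendor's tooling. The connection names 'Management' and 'Capture' are hypothetical and stand for the two connections the Monitor server is assumed to need.

```powershell
# Hypothetical connection names (assumption): replace with the two connections
# this Monitor server is meant to have, one for management and one for the span feed.
$expected = @('Management', 'Capture')

# NetConnectionStatus 2 means "Connected". Get-WmiObject is used because
# Get-NetAdapter is not available on Windows Server 2008 R2.
$connected = Get-WmiObject -Class Win32_NetworkAdapter |
    Where-Object { $_.NetConnectionID -and $_.NetConnectionStatus -eq 2 }

$report = foreach ($nic in $connected) {
    # Pull the IP settings bound to this adapter, if any.
    $cfg = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
        -Filter "Index = $($nic.Index)"
    New-Object PSObject -Property @{
        Connection = $nic.NetConnectionID
        Adapter    = $nic.Name
        MAC        = $nic.MACAddress
        IPAddress  = ($cfg.IPAddress -join ', ')
        Gateway    = ($cfg.DefaultIPGateway -join ', ')
        Expected   = ($expected -contains $nic.NetConnectionID)
    }
}

$report | Sort-Object Connection |
    Format-Table Connection, Adapter, MAC, IPAddress, Gateway, Expected -AutoSize

# Any connected adapter outside the expected set is a candidate for the
# kind of third connection this article describes.
$extra = @($report | Where-Object { -not $_.Expected })
if ($extra.Count -gt 0) {
    $names = ($extra | ForEach-Object { $_.Connection }) -join ', '
    Write-Warning ("{0} unexpected connected adapter(s): {1}" -f $extra.Count, $names)
}
```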