Configure TP-Link TL-SG108E Switch

[nicholaswkc34]

Version

2.4.20

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

other (please provide detail below)

Hardware Specs

Meets minimum requirements

CPU

Quad Core

RAM

20GB

Storage for /

300GB

Storage for /nsm

300GB

Network Traffic Collection

span port

Network Traffic Speeds

Less than 1Gbps

Status

No, one or more services are failed (please provide detail below)

Salt Status

No, there are no failures

Logs

No, there are no additional clues

Detail

Dear all forumers, I had installed SO 2.4.20 and completed the so-setup but I didn't find the setup for whether to use TUN/Span port selection at so-setup.

Another questions is I had configured router TP-Link TL-SG 108E to mirror on port 8 but the link is down. How to enable it and let it capute the inbound traffic? There is no ip address associated with it yet.

Please help. Thanks.

Guidelines

• I have read the above statement and can confirm my post is relevant to Security Onion 2.4.

[Acewiza]

Monitor port on the Onion doesn't care what you connect it to. But it needs link. Might be a config issue on that port-8.

[nicholaswkc34]

Derar all forumers, I just enable the port mirroring feature on port 8 for my TP-Link TL-SG108E switches.

This is the screenshot of the switches port mirroring.

[Acewiza]

Yeah sorry, but the only TP-Link device I own is a DSL router, so I'm out.

[nicholaswkc34]

Dear all forumers, Please help.

[reyesj2]

Looks like you need to 'enable' ingress / egress on each port you want to mirror traffic out to port 8.

While you troubleshoot your switch you can use the influxdb dashboard to monitor ingested traffic speed and give you insight into when your Security Onion box starts seeing traffic. https://docs.securityonion.net/en/2.4/influxdb.html?highlight=influxdb#influxdb

[nicholaswkc34]

Good info here.