These are not span sessions like you have on catalyst switches but only temporary mirrors. I'm not even sure if the destination port even replicates the encapsulation or not or if it keeps it untagged or tags it always depending on the source VLAN. At the moment you can only use netflow data to send to your security collector. Maybe in the future the MS390 will support encrypted traffic analytics like Catalyst does and that could be a better way to support your case.
... View more