IDS Network module

biao.jiang
Level 1

Can anyone tell me if the Cisco IDS Network module (NM-CIDS) can capture VLAN traffic, or can it only capture traffic going through it? If it can, how can I do that?

Accepted Solutions

Hi Biao,

The NM-CIDS module gets the traffic on its sniffing interface from the router in which it is housed. The sniffing interface is not connected to a switch to use the SPAN configuration.

You will need to enable the desired interfaces (including subinterfaces) on the router for packet monitoring. You can select any number of interfaces or subinterfaces to be monitored. The packets sent and received on these interfaces are forwarded to the NM-CIDS for inspection. The enabling and disabling of the interfaces is configured through the router CLI (Cisco IOS). So there is no way you can capture the VLAN traffic of the switch.

3 Replies

gabelar
Level 1

Not all VLANs are inspected by default. When you configure the switch that has the IDSM card installed, you tell the switch which traffic will be looked at by the IDSM card using VLAN filtering. It’s a fairly vast subject. See the following design guide outlining how to configure the IDS card and the CAT. http://www.cisco.com/en/US/partner/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a0080358087.html

Thanks for your response. What I meant here was the IDS module installed in the router, not the IDSM in the 6500. I tried SPAN on the switch for capturing VLAN traffic, but I did not see it. I can only get the traffic passing through the interface which was configured for monitoring.
