Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
751
Views
0
Helpful
3
Replies

IDS Network module

Go to solution
biao.jiang
Level 1
Level 1

‎03-16-2005 03:25 PM - last edited on ‎03-25-2019 05:17 PM by Community Manager

Does anyone can tell me if Cisco IDS Network module (NM-CIDS) can capture the vlan traffic, or it only can capture traffic going through it. If it can, how can I do that?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mkodali
Cisco Employee
Cisco Employee
In response to biao.jiang

‎03-22-2005 10:38 AM

Hi Biao,

The NMCIDS module gets the traffic on its sniffing interface from the Router in which it is housed. The sniffing interface is not connected to switch to use the span configuration.

You will need to enable the desired interfaces (including subinterfaces) on the router for packet monitoring. You can select any number of interfaces or subinterfaces to be monitored. The packets sent and received on these interfaces are forwarded to the NM-CIDS for inspection. The enabling and disabling of the interfaces is configured through the router CLI (Cisco IOS). So There is no way you capture the vlan traffic of the switch.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
gabelar
Level 1
Level 1

‎03-21-2005 05:17 PM

Not all VLANs are inspected by default. When you configure the switch that has the IDSM card installed you tell the switch which traffic will be looked at by the IDSM card using vlan filtering. It’s a failr vast subject. See the following design guide outlining how to configure the IDS card and the CAT. http://www.cisco.com/en/US/partner/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a0080358087.html

0 Helpful

Go to solution
biao.jiang
Level 1
Level 1
In response to gabelar

‎03-22-2005 07:53 AM

Thanks for your response. What I meant here was IDS module installed in the router, not IDSM in 6500. I tried span on the switch for capturing vlan traffic, but I did not see it. I can only get the traffic passing through the interface which was configured for monitoring.

0 Helpful

Go to solution
mkodali
Cisco Employee
Cisco Employee
In response to biao.jiang

‎03-22-2005 10:38 AM

Hi Biao,

The NMCIDS module gets the traffic on its sniffing interface from the Router in which it is housed. The sniffing interface is not connected to switch to use the span configuration.

You will need to enable the desired interfaces (including subinterfaces) on the router for packet monitoring. You can select any number of interfaces or subinterfaces to be monitored. The packets sent and received on these interfaces are forwarded to the NM-CIDS for inspection. The enabling and disabling of the interfaces is configured through the router CLI (Cisco IOS). So There is no way you capture the vlan traffic of the switch.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card