08-09-2007 03:48 AM - edited 03-10-2019 03:44 AM
Dear
I need to run my IPS through network i configured my sitch 3560 but when i entered this command :
monitor session 1 destination interface Fa0/24
i lost the connection with IPS.i put the monitoring IPS port at SW port/24 ....
what is the problem?
08-09-2007 09:06 AM
The "monitor session" commands are only used when you want to passively monitor switch traffic (IDS mode), not run your sensor in-line (IPS mode).
There are two parts to the "monitor session" commands, the source and destination commands.
monitor session source 1 interface fa0/1 - 23 rx
will capture all the transmit AND receive traffic on ports 0/1 thru 0/23
monitor session 1 destination interface Fa0/24
will send the captured traffic port 0/24 to your waiting IDS sensor.
08-12-2007 08:25 AM
Ok,
1. do you mean i could not able to use command:
monitor session 1 destination interface Fa0/24.
with IPS traffic.... if yes how can i configure the switch i have just these tow commands at my SW:
monitor session source 1 interface fa0/1 - 23 rx
monitor session 1 destination interface Fa0/24
2. else i have this attached file for my IPS configuration i need your help if can give me your recommendations
3. Finally does SW2950 support command:
switchport trunk encapsulation dot1q.
thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide