Re: mirroring a port on a 2950C

lordparody · ‎08-03-2005

Hi all,

I'm looking at setup a snort IDS within our network here and wish to replicate a vlan on a 2950c to a port.. i've been reading alot of the documentation i've got here and on the website and its slightly confusing. all the ports i wish to mirror are within one vlan and also wondering if i can setup the snort interface without an IP so it only listens promisc ie does the SPAN port do anything different if there is no IP answering it.

many thanks in advance

Matt

amit-singh · ‎08-03-2005

Matt,

You can set up the SPAN on the switch, there is not issue. But I didnt get your question exactly. Could please provide more info on this.

regards,

-amit singh

lordparody · ‎08-04-2005

sorry i should have tried to explain better. I have a surfcontrol box, 2 sendmail boxes and squid proxy on one vlan coming from the 2950. i wish to mirror that data coming to all those machines into a single port to be directed at a SNORT IDS machine. My query is .. i know SPAN can do port mirroring.. but on the 2950c is it possible to mirror the vlan to that one port? and how would i go about it. (the machines are on the first 4 ports on the blade and the snort is on the last port working left to right. ws-c2950c-24)

amit-singh · ‎08-04-2005

Matt,

Sorry, 2950 doesnot support Vlan SPAN. You wont be able to SPAN the whole vlan. You can use source as ports or a group of ports.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea5/2950scg/swspan.htm#wp1078977

regards,

-amit singh

lordparody · ‎08-07-2005

Thanks Amit

The Vlan portion was more a hope of making the SPAN neater but the ability to still monitor multiple ports to the IDS will work just the same. thanks heaps for your assistance :]