cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
447
Views
0
Helpful
4
Replies

Server Farm with 3750 and IDS

sjamison
Level 1
Level 1

I want to create a vlan and add all my servers to that vlan to create its own network. I then want to add our new IDS system to sit in front of that server farm so it will alert us on the inside of whats going on...

This server farm will incorporate about 10 servers of various OS (dual homed for redundancy). How can I add the IDS system so that it monitors all incoming and outgoing traffic for that vlan? Can I port monitor a VLAN?

I know of a way to do this, but it requires me buying another switch which I dont want to do. Is there any way to solve this without buying new equipment?

4 Replies 4

a.awan
Level 4
Level 4

Yes you can monitor a source VLAN using a feature called SPAN (port mirroring). The only thing to look out for is oversubscribing the port you will be connecting your IDS to. What i mean is that if you have 10 FE ports in a VLAN and you are monitoring that VLAN out one port the single port might not be able to handle this traffic. Take a look at the following link:

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a0080212708.html#wp1210541

Is it different than using these commands? Im already spanning ports but Im only limited to two groups even though I have 4 3750's connected it wont let me add any more unless Im going about this the wrong way...

monitor session 1 source interface Gi1/0/1

monitor session 1 destination interface Gi1/0/8

monitor session 2 source interface Gi1/0/4

monitor session 2 destination interface Gi1/0/25

Yes these commands are used to enable SPAN. Unfortunately there is a restriction that you can only support 2 source span sessions on a switch or a switch stack. Instead of using a single source port in a monitor session try using multiple source ports or rouce VLANs to increase your input criteria.

hmm well the problem is the first span is for our IDS that sits outside our firewall. The second span is for our websense internet filtering system on outgoing traffic... neither of those are going to be any help to me on the farm itself....

Review Cisco Networking for a $25 gift card