Hello all,
I am hoping you can provide me with some opinions, feedback, thoughts on the following.
We have some Cisco 6509 switches in our environment currently hitting around 60% usage on the Router overall statistics.
Now we are looking at implementing an intrusion detection system but by being as least invasive as possible to the network. Our thoughts are to utilise a SPAN port on the switches to send traffic to the NIDS device but we have concerns of the following.
The limitations of SPAN sessions on 6509's
The overhead on the switch of turning a SPAN session on and leaving it on permanently...
Please be generous and donate your 2c