Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3764
Views
0
Helpful
1
Replies

Mirror all traffic to one port or use a network tap

splendor_systems
Level 1
Level 1

‎09-04-2012 03:17 AM - edited ‎03-07-2019 08:40 AM

Hi

I am about to setup an IDS on our network, I have two options - 1 is simply mirror all traffic through one port, 2 is to use a network trap. I am not a big fan of adding the network trap, I am OK with using port replication/mirroring as long as that should not cause too much overhead of the switch. Anyone tried this before ? Did the switch CPU consumption change ?

Regards

Labels:
0 Helpful
1 Reply 1

singhaam007
Level 3
Level 3

‎09-21-2012 05:26 PM

HI Ali,

A successful IDS deployment doesn't need heavy CPU horsepower. It does, however, need to be connected to the network properly and have enough storage to allow useful analysis of the data .

You can install the IDS via a span port on a switch, for example, or via a network tap. Each method has its advantages and disadvantages.

We tried it one our firewall but CPU was hitting 100 % most of the time so we end up upgrading the hardware.

Please check this link for more details.

http://www.networkcomputing.com/data-networking-management/setting-up-an-intrusion-detection-system/229620735?pgno=1

Please rate if this information is helpful.

thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card