I have a small lab setup and I am trying to implement an IDS/IPS on the network. I have 3 VLANs set up (10, 20, and 30) with the switch and a router allowing for inter-VLAN communication. Port FA 0/1 on the switch is set up as a trunk using 802.1Q connected to a single interface on the router.
I want to be able to monitor traffic on the trunk link on the switch and replicate that to the IDS/IPS host. Is there a way I can mirror traffic from FA 0/1 (the trunk link) to a regular access port on the switch which would connect to the IDS/IPS?
I have seen several articles on Cisco.com saying that you can have a source port as a multi-vlan link, but others say it is not possible. I did not have a chance to get into the lab to test this yet or else I would have.
This is actually going to be a Snort IDS. I understand the different modes, but do you think the port that monitors can be just an access port? I was also thinking about putting the Snort box inline on the trunk link from the switch to the router and bridging two interfaces on the Snort box to inspect traffic and allow it to pass through. Any idea if this would work on a trunk link?
I suspect it would since I think I read Snort/Linux can handle dot1q now.
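An added example, not part of the original posts: a small Python check a sensor operator could use to see which VLANs appear in captured frames, assuming the mirrored or bridged trunk traffic reaches the sensor with its 802.1Q tags intact. The function names and the sample frames (VLANs 10, 20, 30 and one untagged frame) are constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_frame(frame: bytes):
    """Return (vlan_id, priority, ethertype); vlan_id/priority are None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype       # untagged, e.g. native VLAN traffic
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner  # VID = low 12 bits, PCP = top 3 bits

def vlan_histogram(frames):
    """Count frames per VLAN ID; untagged frames are counted under None."""
    return Counter(parse_frame(f)[0] for f in frames)

def build(vlan, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a sample frame (constructed test data, not a real capture)."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan)
    return hdr + tag + struct.pack("!H", ethertype) + payload

# Constructed sample: one frame each for VLAN 10 and 30, two for VLAN 20,
# and one untagged frame.
SAMPLE = [build(10), build(20), build(20, 0x0806), build(30), build(None)]

if __name__ == "__main__":
    for vid, count in vlan_histogram(SAMPLE).items():
        print("untagged" if vid is None else f"VLAN {vid}", count)
```

If every frame from the monitor port lands in the untagged bucket, the tags are being stripped before the sensor sees them and per-VLAN attribution is lost.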