I have a small lab setup and I am trying to implement an IDS/IPS on the network. I have 3 VLANs set up (10, 20, and 30) with the switch and a router allowing for inter-VLAN communication. Port FA 0/1 on the switch is set up as a trunk using 802.1Q connected to a single interface on the router.
I want to be able to monitor traffic on the trunk link on the switch and replicate that to the IDS/IPS host. Is there a way I can mirror traffic from FA 0/1 (the trunk link) to a regular access port on the switch which would connect to the IDS/IPS?
I have seen several articles on Cisco.com saying that you can have a source port as a multi-vlan link, but others say it is not possible. I did not have a chance to get into the lab to test this yet or else I would have.
This is actually going to be a Snort IDS. I understand the different modes, but do you think the port that monitors can be just an access port? I was also thinking about putting the Snort box inline on the trunk link from the switch to the router and bridging two interfaces on the Snort box to inspect traffic and allow it to pass through. Any idea if this would work on a trunk link?
I suspect it would, since I think I read Snort/Linux can handle dot1q now.