Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
1
Replies

SPAN and IDS cisco 6509

mateens
Level 1
Level 1

‎04-19-2017 03:19 AM - edited ‎03-08-2019 10:14 AM

I have a question regarding SPAN. My main focus is to detect spams and viruses on the Employee VLAN.(We have server,student,guest and print VLANs too) using an IDS.

Would that traffic be detectable with my SPAN config which mirrors out/in traffic from Interface connected to ISP or should I use only the Employee VLAN int. as the source of the SPAN ?

Lets put it this way, Im confused about the  basic concept of how the traffic looks like when it leaves a vlan and routed out to the internet .

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎04-20-2017 07:46 AM

If you use the vlan as the source then you will be seeing on that vlans traffic.

If you use the interface connected to the ISP then you would presumably be seeing all traffic going to the internet which would be traffic from all vlans.

Is this what you are asking ?

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card