Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
2
Replies

IDS implemenation

dedube23
Level 1
Level 1

‎01-05-2004 08:14 AM

Hello,

WE are looking to implement IDS in out network and I have some questions if I get 4250 can I span multiple network segments with the one interface it comes with? For instance say I have 10 subnets 10.0.1.0/24 10.0.10.0/24 would I be able to scan all those networks at once off of our 6509 core. Any recommendation on how to deploy would be appreciated.

David

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎01-05-2004 05:57 PM

This is not really a function of the IDS, but more of the switch that it's connected to. you basically plug the monitoring/sniffing port of the 4250 into a switch port, then use either the "span" command or VACL's to send traffic from the switch to that sniffing port.

In short though, with a 6509 you can defintely span multiple VLANs/subnets, no problem there.

You might want to look at the IDSM-2, which is an IDS on a blade that slots right into the 6509, everything is internal to the switch then.

0 Helpful

minoc
Level 1
Level 1

‎01-10-2004 02:28 PM

You can use the set span command to monitor an 802.1q or ISL trunk link or use Vlan access list. Spaning an trunk link will allow you to see all vlan traffic.

Using VLAN Access list allows you to define more granular filters for instance.

You can learn this and more at:

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:Catalyst_6500_Series_Switches&s=Software_Configuration

Carlos Roque

0 Helpful
Customers Also Viewed These Support Documents