Configuring 4200 IPS to promiscuous mode

p-allen · ‎08-07-2007

We are changing our 4200 from inline mode to promiscuous mode that is connected to our redunant 6509 core switches. Internally we disagree if we need to create a span on the 6509's to send the traffic to the 4200. Has anybody doen this or does anyone know how this is to be configured. Any help would be great.

mhellman · ‎08-07-2007

How did you have it inline before? You might be able to simply tap that link. Otherwise, you can use SPAN, RSPAN or VACL's.

Here's some documentation that talks about SPAN versus VACL:

http://www.ciscopress.com/articles/article.asp?p=25329

Here's some documentation on using VACL(s):

http://www.cisco.com/warp/public/473/vacl-catos6k.pdf

p-allen · ‎08-07-2007

we have never had it in promiscuous mode before. I think we need to do a SPAN and my co-worker disagrees. If I understand you correctly you are saying we need a SPAN...correct???

mhellman · ‎08-07-2007

yes, or VACLs. At least, I can't think of any other way to get all the switch traffic down to a single port or couple ports. You certainly can't just plug it into a switch port in promiscuous mode and expect to see all traffic.