IPS & SW problem

tareqrebhi · ‎08-09-2007

Dear

I need to run my IPS through network i configured my sitch 3560 but when i entered this command :

monitor session 1 destination interface Fa0/24

i lost the connection with IPS.i put the monitoring IPS port at SW port/24 ....

what is the problem?

rhermes · ‎08-09-2007

The "monitor session" commands are only used when you want to passively monitor switch traffic (IDS mode), not run your sensor in-line (IPS mode).

There are two parts to the "monitor session" commands, the source and destination commands.

monitor session source 1 interface fa0/1 - 23 rx

will capture all the transmit AND receive traffic on ports 0/1 thru 0/23

monitor session 1 destination interface Fa0/24

will send the captured traffic port 0/24 to your waiting IDS sensor.

tareqrebhi · ‎08-12-2007

Ok,

1. do you mean i could not able to use command:

monitor session 1 destination interface Fa0/24.

with IPS traffic.... if yes how can i configure the switch i have just these tow commands at my SW:

monitor session source 1 interface fa0/1 - 23 rx

monitor session 1 destination interface Fa0/24

2. else i have this attached file for my IPS configuration i need your help if can give me your recommendations

3. Finally does SW2950 support command:

switchport trunk encapsulation dot1q.

thank you.