TCP reset from IPS (in passive mode) on 3550 swich with RSPAN/SPAN

Unanswered Question
Sep 10th, 2007


I was wondering if it is possible to get the tcp reset from IPS (in passive monitoring mode) using RSPAN/SPAN on 3550 switches, does the switch require an extra command in order to accept traffic from monitoring interface (IPS TCP reset).


thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Fri, 09/14/2007 - 13:45

Actually it is the "Inpkts" parameter on CatOS that allows it to accept inbound traffic on the SPAN destination. The "learning" is

to disable MAC address learning, since the IDS will spoof the MAC address of the server when it sends a TCP RST back to the client. So disable Mac learning on the switch.


This Discussion