I am in a situation where I need to connect a Cisco IPS4255 as a passive IDS device to a Foundry BigIron 8000. What I would prefer is to mirror the traffic on some VLANs on the switch to a port on my IPS. The problem is that this device does not seem to support VLAN mirroring and only supports port mirroring, and what I want to monitor is VLANs that reside on trunk ports.
How does port mirroring work? Are all the data copied to another port with their VLAN IDs? I really do not want to overwhelm the IDS with the traffic of VLANs that I do not want to check via IDS. If I make a trunk port to the IDS, say VLAN 200, and I mirror a port on the switch containing VLANs 2, 200, 204, 205, how does this work out? Does the data on VLAN 200 get mirrored only?
Thanks in advance