How to get more than two monitor sessions on 3750G

Unanswered Question
Nov 29th, 2007

We are deploying several (6) IDS sensors to monitor traffic on various VLANs on the core router/switch 3750Gs. I can only do two SPAN monitor sessions. Is there a workaround with SPAN or RSPAN so I can mirror/capture traffic for the many IDS sensors? Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Thu, 11/29/2007 - 13:53

Physical taps can help. Google 'network tap' for mfg's.

HTH and please rate.

chuck007 Thu, 11/29/2007 - 13:59

Yes, I thought about physical taps for the router links. But as for the many VLANs that live on the core router, I won't be able to tap in. Anyway around it?

Collin Clark Thu, 11/29/2007 - 14:05

I would think that their higher-end products you would be able to trunk multiple VLANS to a single TAP. We span multiple source VLANs to a single destination port for IDS.

CORE1#sh mon

Session 1

---------

Type : Local Session

Source VLANs :

Both : 26,30,104,300,603

Destination Ports : Gi7/1

chuck007 Thu, 11/29/2007 - 15:00

The 3750Gs can do multiple source and multiple destinations, but only 2 sessions. Thus I can only do a source-destination pair session only twice. I may just have to SPAN many VLANs and ports, and then have the IDS sensors filter out the unwanted traffic as needed. I'm trying to see if RSPAN can overcome this limitation. Keep the ideas flowing. Thanks.

Actions

This Discussion