SPAN port - IDS sniffing

Unanswered Question
Jul 3rd, 2008

Thank you in advance for helping me.


I purchased a Cisco Catalyst 500 Express switch. We need to use it with a SPAN port (or Trunk). I have seen in some documentation how to configure the SPAN port on this specific model (using the CNA, smartports and Diagnostics port). The fact is that I'm not able to sniff the whole VLAN. I can only sniff on 1 port if I use this option. I think it's the only way that switch can sniff. But we bought this switch for an IDS listening on the VLAN. Is there a way we can do it?


example :

Fa01 to Fa015 are VLAN 2, Fa15 is the stealth card of the IDS, so Fa15 is Diagnostics configured and the Ingress VLAN is VLAN 2 (but it asks for a specific port), so the port I specify is the only port where I'll be able to see the traffic. But I want to see traffic across the whole VLAN 2.


Can anyone help me? Or should I buy a better switch?


Thank you again!

David Stanford Fri, 07/04/2008 - 10:44

I don't think you can do that level of detail on the CE500. It will let you select a port and ingress VLAN, but not multiple of either. You'd need something like another switch with a NAM to get this level of detail.


Also, the CE500 supports Local SPAN and does not support Remote SPAN.
