IDS on Switch

Answered Question
Aug 26th, 2008

How must a switch and IDS be configured, to allow all traffic on the switch to be monitored by the IDS?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
rhermes Tue, 08/26/2008 - 11:06

If you want to just monitor the traffic passing throught a switch, attach your sensor to interface GigE0/1 and use these commands:

monitor session 1 source interface Fa0/1 - 24 rx

monitor session 1 destination interface Gi0/1

If you want to be able to send TCP Resets back into the switch you'll need to add the "ingress" command on the end of your destination command.


This Discussion