IDS on Switch

Answered Question
Aug 26th, 2008
User Badges:

How must a switch and IDS be configured, to allow all traffic on the switch to be monitored by the IDS?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
rhermes Tue, 08/26/2008 - 11:06
User Badges:
  • Gold, 750 points or more

If you want to just monitor the traffic passing throught a switch, attach your sensor to interface GigE0/1 and use these commands:

monitor session 1 source interface Fa0/1 - 24 rx

monitor session 1 destination interface Gi0/1

If you want to be able to send TCP Resets back into the switch you'll need to add the "ingress" command on the end of your destination command.

Farrukh Haroon Tue, 08/26/2008 - 12:10
User Badges:
  • Red, 2250 points or more

Can you be more specific in your query?




This Discussion