I am trying to find the best way/ways to monitor traffic across a campus network. The two solutions I have thought of are using Netflow or ERSPAN. However, neither are supported by the devices in this network. Here is a quick overview of the network...
Core Switches (3750 Stacks) using Layer 3
Distribution Switches (3750 & 3650s) using L3 towards Core and L2 towards Access
Access Switches (Mostly 3500s) using L2
What are the best options for monitoring traffic on this type of network? All links between switches are Gig, so we have plenty of bandwidth. I would really like to be able to setup snort/ntop or something similar.
Are there any solutions available that I could use RSPAN and a monitoring computer at the Access Switches and have them report back to a central monitoring machine? I would prefer a centralized solution.