IDS deployment with redundant configuration

Mar 19th, 2009
I have the following setup and I would like to be sure that the reasoning & configuration are correct:

2 aggregation switches A & B are connected via a trunk and are redundant. We have 1 IDS that is going to be connected only to switch A. We would like to monitor the incoming traffic. Thus I am planning to configure RSPAN as in the attached configuration.

Correct me if it's wrong.

Thank you.
Yudong Wu Thu, 03/19/2009 - 15:37
One thing you missed is "monitor session 3 destination remote vlan 300 reflector-port Fa x/y" where Fa x/y is any unused port.

I did not use your way to configure RSPAN. Therefore, I cannot comment.

I did use the following config to do RSPAN and I know it works. VLAN 900 is the RSPAN VLAN.


monitor session 1 source vlan 20 rx

monitor session 1 destination remote vlan 900 reflector-port Fa0/3

switch-2 (IDS connected to Fa0/1)

monitor session 1 source vlan 10 , 900 rx

monitor session 1 destination interface Fa0/1

jeansamarani Sat, 03/21/2009 - 02:04

I didn't understand where to put this command, and for what?

Can you please elaborate?

Thank you.


Giuseppe Larosa Sat, 03/21/2009 - 06:33
Hello Jean,

For sure you don't need to put the destination port in the remote SPAN VLAN.

And you don't need to configure a second session with destination RSPAN on switch A.

This is not requested and not usually done.

Depending on the switch platform and model, remote SPAN may require the use of a physical port as a "mirror"; this port is not usable and takes part in the remote SPAN solution.

This is the meaning of reflector port.

I'm guessing you have C3750 switches.

Have a look at the config guide.

I don't see the need for the reflection port, but this can also be IOS dependent.

Hope this helps.


Yudong Wu Sat, 03/21/2009 - 11:04
Hi Jean,

Giuseppe has pointed to the reason. Thanks Giuseppe.

I configured RSPAN on a 3550. It looks different from the 3750. So you don't need "reflector-port".
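
As an added example (not written by any poster in this thread): a minimal RSPAN layout in Catalyst 3750-style syntax, where no reflector-port is configured, as the last two replies conclude. VLAN 900, VLAN 20 and Fa0/1 are reused from Yudong Wu's post; the switch roles follow the original question, and the interface naming and the trunk carrying VLAN 900 are assumptions. It covers only mirroring from the remote switch to the switch hosting the IDS.

```cisco
! Added example, not from the thread. VLAN and port numbers reuse the
! values in Yudong Wu's post; adjust them to the real topology.
!
! --- Switch B (no IDS attached): RSPAN source session ---
vlan 900
 remote-span
!
! Mirror received traffic from the monitored VLAN into the RSPAN VLAN.
monitor session 1 source vlan 20 rx
monitor session 1 destination remote vlan 900
!
! --- Switch A (IDS sensor on Fa0/1): RSPAN destination session ---
vlan 900
 remote-span
!
! Take everything arriving in the RSPAN VLAN and hand it to the IDS port.
monitor session 1 source remote vlan 900
monitor session 1 destination interface Fa0/1
!
! --- Verification, run in exec mode on each switch ---
!   show vlan remote-span
!   show monitor session 1
```

The RSPAN VLAN has to be allowed on the trunk between the two switches and should have no access ports assigned to it, otherwise the IDS sees nothing or the mirrored frames leak to hosts.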