IDS deployment with redundant configuration

jeansamarani
Level 1

Hello,

I have the following setup and I would like to be sure that the reasoning and configuration are correct:

2 aggregation switches A & B are connected via a trunk and are redundant. We have 1 IDS that is going to be connected only to switch A. We would like to monitor the incoming traffic. Thus I am planning to configure RSPAN as in the attached configuration.

Correct me if it's wrong.

Thank you

Jean

5 Replies

Yudong Wu
Level 7

One thing you missed is "monitor session 3 destination remote vlan 300 reflector-port Fa x/y" where Fa x/y is any unused port.

I did not use your way to configure RSPAN. Therefore, I cannot comment.

I did use the following config to do RSPAN and I know it works. VLAN 900 is the RSPAN VLAN.

switch-1

monitor session 1 source vlan 20 rx

monitor session 1 destination remote vlan 900 reflector-port Fa0/3

switch-2 (IDS connected to Fa0/1)

monitor session 1 source vlan 10 , 900 rx

monitor session 1 destination interface Fa0/1

Hi,

I didn't understand where to put this command and for what?

Can you please elaborate?

Thank you.

Jean

Hello Jean,

For sure you don't need to put the destination port in the remote SPAN VLAN.

And you don't need to configure a second session with destination RSPAN on switch A.

This is not requested and not done usually.

Depending on the switch platform and model, remote SPAN may require the use of a physical port as a "mirror"; this port is not usable and takes part in the remote SPAN solution.

This is the meaning of reflector port.

I am guessing you have C3750 switches.

Have a look at the config guide:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swspan.html#wp1073772

I don't see the need for the reflection port but this can also be IOS dependent.

Hope to help

Giuseppe

Hi Jean,

Giuseppe has pointed to the reason. Thanks Giuseppe.

I configured RSPAN on a 3550. It looks like it is different from the 3750. So you don't need "reflector-port".

Thanks guys!!
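
Added example, not part of any post in this thread: a small Python check that the "monitor session" lines on two switches actually deliver the RSPAN VLAN to the IDS port, so the sensor is not silently blind to the remote switch. The sample configs are the two posted above; the function names and the needs_reflector flag (set it per platform, as the replies describe) are assumptions of this example.

```python
import re

# Matches the "monitor session" forms quoted in this thread.
LINE = re.compile(r"^monitor session (\d+) (source|destination) (.+)$")

# The two configs as posted above (switch-2 hosts the IDS on Fa0/1).
SWITCH_1 = """monitor session 1 source vlan 20 rx
monitor session 1 destination remote vlan 900 reflector-port Fa0/3"""
SWITCH_2 = """monitor session 1 source vlan 10 , 900 rx
monitor session 1 destination interface Fa0/1"""

def parse_sessions(config):
    """Collect per-session source VLANs, RSPAN VLAN, reflector and port."""
    sessions = {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        s = sessions.setdefault(int(m[1]), {"source_vlans": set(),
            "remote_vlan": None, "reflector": None, "dest_if": None})
        role, rest = m[2], m[3]
        remote = re.match(r"remote vlan (\d+)", rest)
        iface = re.match(r"interface (\S+)", rest)
        if role == "source":
            vl = re.match(r"(?:remote )?vlan ([\d ,]+)", rest)
            if vl:
                s["source_vlans"] |= {int(v) for v in re.findall(r"\d+", vl[1])}
        elif remote:
            s["remote_vlan"] = int(remote[1])
            refl = re.search(r"reflector-port (\S+)", rest)
            s["reflector"] = refl[1] if refl else None
        elif iface:
            s["dest_if"] = iface[1]
    return sessions

def check_rspan(src_cfg, dst_cfg, needs_reflector):
    """List gaps that would leave the IDS blind to the remote switch.
    needs_reflector is an assumption the caller sets per platform."""
    problems = []
    remote = [s for s in parse_sessions(src_cfg).values() if s["remote_vlan"]]
    if not remote:
        problems.append("source switch: no 'destination remote vlan' session")
    dst = list(parse_sessions(dst_cfg).values())
    for s in remote:
        vlan = s["remote_vlan"]
        if needs_reflector and not s["reflector"]:
            problems.append(f"source switch: vlan {vlan} lacks reflector-port")
        if not any(vlan in d["source_vlans"] and d["dest_if"] for d in dst):
            problems.append(f"IDS switch: vlan {vlan} not mapped to a port")
    return problems
```

An empty list from check_rspan means the RSPAN VLAN is sourced on one switch and delivered to a destination interface on the other; it does not prove the VLAN is allowed on the trunk between them.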
