I am looking at moving from an L2 switched network to an L3 switched network at my access layer. In this design my access layer can consist of 3560, 3750, or 4500 switches with layer 3 links to my distribution or my core.
My issue is that in the L2 access model it is easy to monitor all traffic, as the root is the core switch.
When I move to an L3 access model, is there a way to monitor all the traffic at the access switches without deploying IDS to each access closet?
Current requirements are to monitor user traffic as close to the access port as possible.
Also, are there any issues if I monitor the L3 links between the access and distribution via IDS with L3 routing and load balancing in place?
Thanks in advance.