Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
1
Replies

Configure IDSM with RSPAN

naorelkayam
Level 1
Level 1

‎12-19-2006 11:30 PM - edited ‎03-10-2019 03:23 AM

Hi

We have here two 6509 switches with an IDSM blade in each one.

I want one of them to monitor a remote port on a remote switch.

But I can not see traffic on the IEV.

That is the configuration I used:

We have a pre configured RSPAN vlan (555) on our VTP servers.

1. on the remote switch:

monitor session 2 source interface Gi6/37

monitor session 2 destination remote vlan 555

2. on the 6509:

monitor session 2 source remote vlan 555

monitor session 2 destination intrusion-detection-module 2 data-port 2

3. on the IEV:

made a new filter with the scope of addresses used on that network.

made a new view using the filter I made.

If I forgot something tell me...

Thank You!!

Labels:
0 Helpful
1 Reply 1

scothrel
Level 3
Level 3

‎12-20-2006 11:53 AM

Not my area of expertise (RSPAN), but did you set up the IDSM2 ports to allow the proper vlans? This would be a switch config item, not an IPS config item.

Also, if you are running IPS 5 or 6, you can use the "packet" command to display what the IPS sensor is seeing on its sensing ports. Its a good way to see that your traffic is getting to the sensor.

Scott

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card