Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Confirm my config .. please

Hi,

Can someone please confirm if I am thinking along the right lines?

I want to capture traffic on 6500a vlan 333 and sent it to 6500B which has an IDSM blade.

Is this all I need to do?

(coss-over) cable from 6500a to 6500b

Create remote span vlan 444 on both switches

6500a(config)#monitor session 2 source vlan 333 rx

6500a(config)#monitor session 2 destination remote vlan 444 gigiabit 5/40

configure port 5/40 for 801.1q (cable to 6500b)

6500b

6500b(config)#ip access-list extended CAPTURE

6500b(config-ext-nacl)#permit ip any any

6500b (config)# vlan access-map CAPTURE 10

6500b (config-access-map)# match ip address CAPTURE

6500b (config-access-map)# action forward capture

6500b (config-access-map)# exit

6500b (config)# vlan filter CAPTURE vlan-list 444

6500b (config)#intrusion-detection module 6 data-port 1 capture

6500b (config)#intrusion-detection module 6 data-port 1 capture allowed-vlan 444

configure port 4/40 for 801.1q (cable to 6500a)

Do I need to configure monitor sessions on 6500b? Please advise of anything else I have missed out.

Thanks in advance,

-Ciscobloke

1 REPLY
Silver

Re: Confirm my config .. please

You need to configre monitor sessions .All your configurations are correct

128
Views
0
Helpful
1
Replies
CreatePlease login to create content