Re: How to best use IDSM in promiscuous mode?

hoffa2000 · ‎09-20-2007

Hi folks

I need some input and ideas how to best set up my IDSM2 module.

Today I have the module set up to capture traffic from the 6513 using SPAN in both directions and two different firewalled VLANs as sources. The destination is data-port 1 on the IDSM. This setup is working fine but I'm curious as how to best use the second data-port. Our 6513 runs IOS 12.2(18)SXF3 and has a limit of only one SPAN session set up to capture an entire VLAN in both directions.

My idea was to use the second data-port as SPAN destination for our external/non-firewalled VLAN, but this isn't allowed.

Does anyone have or had a similar problem? Would using a VLAN access list with data-port 2 as destination be an option or are the dual IDSM interfaces mainly used for inline mode?

Regards

Fredrik Hofgren

gmherring · ‎09-21-2007

Fredrik,

I am using VACLs in the switch that has the IDSM. This will preserve your SPAN sessions.

You can specify which vlans go to which port on the IDSM.

We actually have our external vlan set up as an inline vlan pair on data port 2.

hoffa2000 · ‎09-21-2007

Excellent

Might have a go at that idea with inline vlan pair for the external vlan. You using version 5.1 for the IDSM?

gmherring · ‎09-21-2007

I'm on 6.0 I don't remember if 5.x did inline vlan pairs.

hoffa2000 · ‎09-21-2007

It does. Will try it next week