Community Member

How to best use IDSM in promiscuous mode?

Hi folks

I need some input and ideas on how to best set up my IDSM2 module.

Today I have the module set up to capture traffic from the 6513 using SPAN in both directions and two different firewalled VLANs as sources. The destination is data-port 1 on the IDSM. This setup is working fine, but I'm curious as to how to best use the second data-port. Our 6513 runs IOS 12.2(18)SXF3 and has a limit of only one SPAN session set up to capture an entire VLAN in both directions.

My idea was to use the second data-port as SPAN destination for our external/non-firewalled VLAN, but this isn't allowed.

Does anyone have, or has anyone had, a similar problem? Would using a VLAN access list with data-port 2 as destination be an option, or are the dual IDSM interfaces mainly used for inline mode?

Regards

Fredrik Hofgren

4 REPLIES
Community Member

Re: How to best use IDSM in promiscuous mode?

Fredrik,

I am using VACLs in the switch that has the IDSM. This will preserve your SPAN sessions.

You can specify which vlans go to which port on the IDSM.

We actually have our external vlan set up as an inline vlan pair on data port 2.
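A sketch of the VACL capture approach described in this reply, added here as an example and not taken from either poster's configuration. The slot number (5), the external VLAN ID (300) and the ACL and access-map names are constructed assumptions; the commands are the Catalyst 6500 IOS VACL and IDSM-2 capture commands.

```cisco
! Constructed values (assumptions): IDSM-2 in slot 5, external VLAN 300.
! Names IDS-EXTERNAL and IDS-CAPTURE are hypothetical.

! 1. Select the traffic to copy to the sensor (here: all IP traffic).
ip access-list extended IDS-EXTERNAL
 permit ip any any
!
! 2. Forward matching traffic normally and set the capture bit,
!    so a copy is sent to any port configured as a capture port.
vlan access-map IDS-CAPTURE 10
 match ip address IDS-EXTERNAL
 action forward capture
!
! 3. Apply the access map to the external VLAN only.
vlan filter IDS-CAPTURE vlan-list 300
!
! 4. Make IDSM-2 data-port 2 a capture port and restrict it to
!    VLAN 300, leaving the existing SPAN session to data-port 1
!    untouched.
intrusion-detection module 5 data-port 2 capture
intrusion-detection module 5 data-port 2 capture allowed-vlan 300
!
! Verify the map and where it is applied:
!   show vlan access-map
!   show vlan filter
```

Because the VACL sits in the forwarding path of VLAN 300, check the ACL and access-map sequence before applying the filter: traffic that an access map matches with no forwarding action is dropped, not just left uncaptured.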

Community Member

Re: How to best use IDSM in promiscuous mode?

Excellent

Might have a go at that idea with inline vlan pair for the external vlan. You using version 5.1 for the IDSM?

Community Member

Re: How to best use IDSM in promiscuous mode?

I'm on 6.0. I don't remember if 5.x did inline vlan pairs.

Community Member

Re: How to best use IDSM in promiscuous mode?

It does. Will try it next week.
