Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
380
Views
0
Helpful
1
Replies

IPS 4240 on IDS - SPAN issue

J_Vansen_S
Level 3
Level 3

‎10-16-2009 08:10 PM - edited ‎03-10-2019 04:48 AM

Device: IPS 4240

MOde: all 4 interfaces on Promiscuous

Objective: To monitor 4 different vlans namely vlan 10,20,30,40 across the network.

There are 8 switches on my network with vlan 10 - 40 info (vtp trunk)

How do i configure SPAN on VLANs that exist on all my access switches

I tried configuring on the access switch where the IPS interfaces are connected to.

monitor session 1 source vlan 10 , 20 , 30, 40

monitor session 1 destination interface Gi0/1 - 4

Did a mass ping from vlan 10 to its gateway

Checked my IPS interfaces status, i seem to be receiving packets on all 4 interfaces. Shouldnt i be receiving packets on the correct IPS interfaces that the vlan is destined?

Please advise

Labels:
0 Helpful
1 Reply 1

dhananjoy chowdhury
Level 5
Level 5

‎10-17-2009 10:22 PM

monitor session 1 source vlan 10 , 20 , 30, 40

monitor session 1 destination interface Gi0/1

The above commands will span the traffic (tx/rx) traffic in ALL the vlans 10,20,30,40 , but this will be limited to traffic only the switch on which this is configured.

For getting traffic in the same vlans but on other switches, you will have to configure RSPAN.

Refer to this link for more details.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card