Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS & SW problem

Dear

I need to run my IPS through network i configured my sitch 3560 but when i entered this command :

monitor session 1 destination interface Fa0/24

i lost the connection with IPS.i put the monitoring IPS port at SW port/24 ....

what is the problem?

2 REPLIES
Gold

Re: IPS & SW problem

The "monitor session" commands are only used when you want to passively monitor switch traffic (IDS mode), not run your sensor in-line (IPS mode).

There are two parts to the "monitor session" commands, the source and destination commands.

monitor session source 1 interface fa0/1 - 23 rx

will capture all the transmit AND receive traffic on ports 0/1 thru 0/23

monitor session 1 destination interface Fa0/24

will send the captured traffic port 0/24 to your waiting IDS sensor.

New Member

Re: IPS & SW problem

Ok,

1. do you mean i could not able to use command:

monitor session 1 destination interface Fa0/24.

with IPS traffic.... if yes how can i configure the switch i have just these tow commands at my SW:

monitor session source 1 interface fa0/1 - 23 rx

monitor session 1 destination interface Fa0/24

2. else i have this attached file for my IPS configuration i need your help if can give me your recommendations

3. Finally does SW2950 support command:

switchport trunk encapsulation dot1q.

thank you.

110
Views
0
Helpful
2
Replies