Cisco Support Community

New Member

IDS deployment with redundant configuration

Hello,

I have the following setup and I would like to be sure that the reasoning and configuration are correct:

2 aggregation switches, A & B, are connected via a trunk and are redundant. We have 1 IDS that is going to be connected only to switch A. We would like to monitor the incoming traffic. Thus I am planning to configure RSPAN as in the attached configuration.

Correct me if it's wrong.

Thank you

Jean

5 REPLIES

Re: IDS deployment with redundant configuration

One thing you missed is "monitor session 3 destination remote vlan 300 reflector-port Fa x/y" where Fa x/y is any unused port.

I did not use your way to configure RSPAN. Therefore, I cannot comment.

I did use the following config to do RSPAN and I know it works. VLAN 900 is the RSPAN VLAN.

switch-1

monitor session 1 source vlan 20 rx
monitor session 1 destination remote vlan 900 reflector-port Fa0/3

switch-2 (IDS connected to Fa0/1)

monitor session 1 source vlan 10 , 900 rx
monitor session 1 destination interface Fa0/1

New Member

Re: IDS deployment with redundant configuration

Hi,

I didn't understand where to put this command and what it is for.

Can you please elaborate?

Thank you.

Jean

Hall of Fame Super Silver

Re: IDS deployment with redundant configuration

Hello Jean,

For sure you don't need to put the destination port in the remote SPAN VLAN.

And you don't need to configure a second session with destination RSPAN on switch A.

This is not requested and not usually done.

Depending on the switch platform and model, remote SPAN may require using a physical port as a "mirror"; this port is not usable and takes part in the remote SPAN solution.

This is the meaning of reflector port.

I'm guessing you have C3750 switches.

Have a look at the config guide

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swspan.html#wp1073772

I don't see the need for the reflection port, but this can also be IOS dependent.

Hope to help

Giuseppe

Re: IDS deployment with redundant configuration

Hi Jean,

Giuseppe has pointed to the reason. Thanks Giuseppe.

I configured RSPAN on a 3550. It looks like it is different from the 3750. So you don't need "reflector-port".
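
Added example, not part of the original thread: the RSPAN leg between two switches written without reflector-port, in the form used by the Catalyst 3750 configuration guide linked above. VLAN 900 and source VLAN 20 are taken from the thread; the 3750 platform, the sensor port Gi1/0/1 and which switch holds the IDS are assumptions.

```cisco
! --- Source switch (the one without the IDS) ---
vlan 900
 remote-span
!
! Copy traffic received in VLAN 20 into the RSPAN VLAN.
monitor session 1 source vlan 20 rx
monitor session 1 destination remote vlan 900
!
! --- Destination switch (IDS on Gi1/0/1, an assumed port) ---
vlan 900
 remote-span
!
monitor session 1 source remote vlan 900
! No "ingress" keyword: frames arriving from the sensor port are not forwarded.
monitor session 1 destination interface GigabitEthernet1/0/1
!
! The trunk between the two switches must carry VLAN 900.
! Verify on each switch:
!   show vlan remote-span
!   show monitor session 1
```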

New Member

Re: IDS deployment with redundant configuration

Thanks guys!!
