Mirror all traffic to one port or use a network tap

Hi

I am about to set up an IDS on our network, and I have two options: 1 is simply to mirror all traffic through one port, 2 is to use a network tap. I am not a big fan of adding the network tap; I am OK with using port replication/mirroring as long as that does not cause too much overhead on the switch. Has anyone tried this before? Did the switch CPU consumption change?

Regards

Re: Mirror all traffic to one port or use a network tap

Hi Ali,

A successful IDS deployment doesn't need heavy CPU horsepower. It does, however, need to be connected to the network properly and have enough storage to allow useful analysis of the data.

You can install the IDS via a span port on a switch, for example, or via a network tap. Each method has its advantages and disadvantages.

We tried it on our firewall, but the CPU was hitting 100% most of the time, so we ended up upgrading the hardware.

Please check this link for more details.

http://www.networkcomputing.com/data-networking-management/setting-up-an-intrusion-detection-system/229620735?pgno=1

Please rate if this information is helpful.

thanks
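As an added illustration of the SPAN-port option discussed in this thread (not configuration from either poster), here is a local SPAN session on a Catalyst switch running IOS, with the checks a defender would run after enabling it. Interface names, the session number and the monitored VLAN are assumed placeholders for your own switch.

```cisco
! Assumed: access ports Gi1/0/1-24 carry the hosts to monitor; the IDS sensor
! sits on Gi1/0/48. Session number 1 is arbitrary.
configure terminal
 ! Copy ingress and egress ("both") of every source port to the sensor port.
 monitor session 1 source interface GigabitEthernet1/0/1 - 24 both
 ! Alternatively, mirror a whole VLAN instead of a port range (assumed VLAN 10):
 ! monitor session 1 source vlan 10 both
 ! The destination port stops forwarding normal traffic once it is a SPAN target.
 monitor session 1 destination interface GigabitEthernet1/0/48
end

! Verify the session was accepted and shows the expected sources/destination.
show monitor session 1

! The practical limit is oversubscription, not CPU: 24 ports x 2 directions
! funnelled into one 1 Gb/s port will silently drop packets the IDS never sees.
! Watch the destination port's output drops after enabling the session.
show interfaces GigabitEthernet1/0/48 | include drops

! Mirroring is done by the forwarding ASIC; confirm the control-plane CPU
! did not change noticeably before and after the session was added.
show processes cpu sorted | exclude 0.00
```

If output drops on the destination climb under normal load, narrow the source list (a single VLAN, or `rx` only) or move to a tap; a dropped packet on the mirror port is a blind spot in the IDS, not a switch performance problem.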
