Cisco Support Community
Monitoring WAN (internally)

Is there any type of configuration for a 7206 to SPAN or monitor traffic? I am running multiple 7206s with inbound DS3 and outbound VXR (SVC/PVC) connections to other sites (i.e., traffic never leaves the router). How could I implement a spanning feature to monitor the traffic on those links? My thoughts were to maybe create VLANs for the interconnects and try to span those links, but I am not sure if that is even feasible. My motive behind this is an IDS implementation for monitoring internal traffic.

Thank you,

Chris


Re: Monitoring WAN (internally)

Hello,

There is no way to span a port in a VXR. You could use PBR to redirect WAN traffic to an external router and then back to the VXR and put a switch in the middle for SPAN, but that will most likely cause more trouble than it's worth. I would consider deploying a 6500 or 7600 with a FlexWAN module and using VACLs to capture WAN interface traffic. Then use either an IDSM module or connect an external IDS to a GigE port to monitor the captured traffic.

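Here is a config example for the FlexWAN:

    ! VACL: forward traffic matched by ACL 100 and mark it for capture
    vlan access-map wan 100
     match ip address 100
     action forward capture
    !
    ! Apply the VACL to the WAN interface on the FlexWAN
    vlan filter wan interface serial 4/1/1
    !
    access-list 100 permit tcp any any
    !
    ! Capture port where the IDS is connected
    interface gigabitEthernet 5/1
     switchport capture
    !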

Good luck,

Jim
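
An added variant of the VACL in the reply above (example config, not part of Jim's post): on the Catalyst 6500 a VLAN access map drops IP packets that match none of its entries, so a map that matches only TCP needs a second entry to keep the remaining IP traffic flowing. ACL 101 and sequence 200 are assumptions chosen for illustration; the map name and interface numbers are the ones from the reply.

```cisco
! ACL 100: traffic to copy to the IDS (TCP only, as in the reply)
access-list 100 permit tcp any any
! ACL 101 (assumed number): everything else that must still be forwarded
access-list 101 permit ip any any
!
! Sequence 100: forward TCP and set the capture bit
vlan access-map wan 100
 match ip address 100
 action forward capture
!
! Sequence 200 (assumed): forward remaining IP traffic without capturing it,
! so it does not hit the implicit deny at the end of the map
vlan access-map wan 200
 match ip address 101
 action forward
!
vlan filter wan interface serial 4/1/1
!
! Port facing the IDS receives the captured copies
interface gigabitEthernet 5/1
 switchport capture
!
```

If the IDS should also see UDP and ICMP, change ACL 100 to `permit ip any any`; sequence 200 then no longer matches anything.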
