Currently have a hub for our DMZ and I wanted to VLAN off some servers that have no reason to communicate. But we also need to monitor (IDS) all traffic within the DMZ. How could I achieve this - SPAN multiple ports, trunking, or please suggest any other method and requirements to accomplish. Thanks
Did you mean switch instead of hub? You don't see multiple VLANs in a DMZ all that often because each VLAN requires its own subnet. The methods I've used on Cisco switches are PVLANs (if your switch supports it), the "protected port" feature, and access lists applied to individual switch ports.
You can, however, generally SPAN multiple VLANs to a single port if you choose to go that route.
Thanks for the response. I did mean hub and don't know if this is the best solution to protect my DMZ. It sounds like your suggestion would be much simpler than having 5 VLANs with 5 different subnets. Do you have any sample configs or documentation on PVLANs and the "protected port" feature?
The reason I asked if you meant hub or switch is because the features you mentioned are specific to switches. PVLANs and protected ports are specific to Cisco switches, in fact, though similar features may exist in other implementations.
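A sample configuration for the two isolation options and the SPAN session discussed in this thread, added here as an illustration and not posted by either participant. The interface numbers, VLAN IDs and port roles are assumptions; the commands are standard Catalyst IOS, and PVLAN support depends on the switch model.

```cisco
! Assumed layout (constructed for illustration):
!   Gi0/1-5 = DMZ servers, Gi0/23 = uplink to firewall, Gi0/24 = IDS sensor.
! Use Option A or Option B on the server ports, not both.
!
! Option A: protected ports, one VLAN and one subnet.
! Protected ports on the same switch cannot exchange traffic with each
! other at layer 2; they can still reach the unprotected uplink.
interface range GigabitEthernet0/1 - 5
 description DMZ server
 switchport mode access
 switchport access vlan 50
 switchport protected
!
interface GigabitEthernet0/23
 description Uplink to firewall (left unprotected)
 switchport mode access
 switchport access vlan 50
!
! Option B: private VLAN with an isolated secondary VLAN.
! Hosts in the isolated VLAN can only talk to the promiscuous port.
vtp mode transparent
vlan 501
 private-vlan isolated
vlan 500
 private-vlan primary
 private-vlan association 501
!
interface range GigabitEthernet0/1 - 5
 switchport mode private-vlan host
 switchport private-vlan host-association 500 501
!
interface GigabitEthernet0/23
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 500 501
!
! IDS monitoring: copy both directions of every server port to the sensor.
! The destination port carries mirrored traffic only.
monitor session 1 source interface GigabitEthernet0/1 - 5 both
monitor session 1 destination interface GigabitEthernet0/24
!
! Alternative source: mirror a whole VLAN instead of listing ports.
! monitor session 1 source vlan 50 rx
```

Protected-port isolation applies only between ports on the same switch, so a DMZ that spans several switches needs PVLANs or port ACLs instead.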