Hi, the scenario is I wish to span the traffic going through the port on one of my Cat4K in the network which is connected to a Router going to the Internet. With the installed IDSM, is it able to span the port on the Cat4K that is connected to the router?
IDSM = Intrusion Detection System Module for the Cat6K
If you are talking about a Cat6K with an IDSM, and the Cat6K is connected to the router then you can span the port connected to the router to the IDSM port 1.
If you are talking about a Cat4K connected to both the Cat6K and the router then this gets very tricky. RSPAN is not supported in the Cat4K the last time I checked. I also don't recommend spanning from one switch into another because you can create bridging loops that can bring down your switches if you are not careful.
If you are on the other hand talking about a Cat 4K with an external IDS Appliance rather than the Cat6K IDS Module then it's easy. Simply span the router port to the IDS Appliance.
Yes, I'm talking about "If you are talking about a Cat4K connected to both the Cat6K and the router then this gets very tricky. RSPAN is not supported in the Cat4K the last time I checked. "
I'm considering doing that because the external router is connected to the Cat4K, and both of them are in the same room. The Cat4K is then linked to the Cat6K, which is in a separate building. The IDSM is running in the Cat6K, and that makes me wonder if I could do an RSPAN from the Cat4K to the Cat6K with the IDSM.
Regarding RSPAN on the Cat4K, I've come across a note on the Cisco web site saying that CatOS ver 5 onwards is able to do that. If doing RSPAN is not recommended, is there any other recommendation for doing that?
Before I try configuring RSPAN on the currently operating network, may I have your opinion on whether it is advisable to configure RSPAN, and is there any other way of monitoring the router traffic besides moving the router to the Cat6K?