Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
607
Views
0
Helpful
6
Replies

Can IDSM perform RSPAN on Cat4K?

laimf
Level 1
Level 1

‎04-22-2002 10:46 PM - edited ‎03-08-2019 10:23 PM

Hi, the scenario is I wish to span the traffic going through the port on one of my Cat4K in the network which is connected to a Router going to the Internet. With the installed IDSM, is it able to span the port on the Cat4K that is connected to the router?

Thanks n Regards.

Labels:
0 Helpful
6 Replies 6

marcabal
Cisco Employee
Cisco Employee

‎04-22-2002 11:51 PM

Are you talking about a Cat4K or a Cat 6K?

The IDSM is only supported in the Cat6K.

IDSM= Intrusion Detection System Module for the Cat6K

If you are talking about a Cat6K with an IDSM, and the Cat6K is connected to the

router then you can span the port connected to the router to the IDSM port 1.

If you are talking about a Cat4K connected to both the Cat6K and the router then this gets very tricky. RSPAN is not supported in the Cat4K the last time I checked. I also don't recommend spanning from one switch into another because you can create bridging loops that can bring down your switches if you are not carefull.

If you are on the other hand talking about a Cat 4K with an external IDS Appliance rather than the Cat6K IDS Module then it's easy. Simply span the router port to the IDS Appliance.

0 Helpful

laimf
Level 1
Level 1
In response to marcabal

‎04-24-2002 12:13 AM

Yes, I'm talking about "If you are talking about a Cat4K connected to both the Cat6K and the router then this gets very tricky. RSPAN is not supported in the Cat4K the last time I checked. "

I'm considering doing that is because the external router is connected to the Cat4K, which both of them are in the same room. And then, the cat4K is linked to the Cat6K which is in a separate building. The IDSM is running in the Cat6K and that's make me wonder if I could do a rspan on the Cat4K on the Cat6k with the IDSM.

Rgd the RSPAN on Cat4K, I've come across a note on cisco web site saying the CatOS ver 5 onwards are able to do that. If doing RSPAN is not recommended, is there any other recommendation on doing that?

Your advice is very much appreciated. Thank you.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to laimf

‎04-25-2002 04:44 AM

According to the links that the other gentlemam posted, it looks like RSPAN is supported in version 6.3 of Cat OS for the Cat 4K.

So it looks like you should be able to set the router port on the Cat 4K as an RSPAN source port, and the IDSM port on the Cat 6K as the RSPAN destination port.

When you setup the RSPAN on the Cat 4K you will want to span both tx and rx for the router port.

I have successfully done this between 2 Cat6Ks, so now that RSPAN is supported in the Cat 4K this should work as well.

0 Helpful

laimf
Level 1
Level 1
In response to marcabal

‎05-08-2002 11:58 PM

Hi, thanks alot for your advice.

Before I try configuring the RSPAN on the the currently operating network. May I have your opinion on whether is it advisable to configure RPSAN and Is there any other way of monitoring the router traffic besides moving the router to the Cat6K?

Thanks & Regards,

Moh Fun.

0 Helpful

jekrauss
Level 1
Level 1

‎04-24-2002 06:07 PM

Yes, you can use RSPAN to capture traffic for the IDSM.

Jeff

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents