Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Group Switching Module required for IDS?

Is a Group Switching Module for the Catalyst 5500 a requirement when using the promiscuous mode interface on the IDS? To clarify, I have two Cat 5500's at two different sites both connected to IDS's. One of them has a Group Switching Module, and works fine. The other only has SPAN enabled, but I can't seem to see any external traffic even with 'snoop'.

In order to rule out a hardware requirement mismatch, I'd like to know if a Group Switching Module is an absolute must or if a Catalyst Switch configured with SPAN is sufficient.

Thanks

1 REPLY
Cisco Employee

Re: Group Switching Module required for IDS?

I don;t think that the Group Switching Module shoudl be necessary.

Just the span shoudl be sufficient.

What type of span are you doing? Is it rx, tx, or both?

My best guess would be that your span has not been configured to monitor that external traffic. Maybe your span is not monitoring rx traffic for those ports connected

The other possibility could be the type of port the traffic is coming in on. Is the traffic coming in from a nonethernet port (like an ATM port)?

I don't know how the span to a sensor will work for nonethernet traffic.

For more information on span you can refer to:

http://www.cisco.com/warp/public/473/41.html

If you can't figure it out then post the following items from your switch:

The configuration of the ports connected to the external network.

The configuration of the sensor port

The configuration of the span command.

The output of "show span"

93
Views
0
Helpful
1
Replies
CreatePlease login to create content