I'm in the process of implementing two IDSM-2 modules in a pair of CAT6500s. I would like to monitor approximately 15 VLANs, all of which have a VLAN interface and HSRP configured. To share the switching load, CAT01 is configured as the primary HSRP address for 8 of the 15 VLANs.
To mirror this load sharing with IDS traffic, I'm proposing to configure traditional ACLs (i.e. not VACLs) and apply these to the VLAN interfaces with the mls ip ids command. Is anyone aware of any known limitations with this configuration?
Here is a summary of the response I got from Cisco:
VACL Capture is the Cisco recommended method for most installations.
If you are only interested in capturing packets being routed between VLANs, then you can use mls ip ids with a traditional ACL. However, because it is designed to capture traffic in one direction only, mls ip ids needs to be applied to both the ingress and egress interfaces.
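To make the two options concrete, here is an added configuration example. It is not from the original post or from Cisco's reply. It assumes Cisco IOS (native mode) on the 6500, an IDSM-2 in slot 5 with data-port 1 used for capture, two of the monitored VLANs being 10 and 20, and ACL and access-map names (IDS_ROUTED, IDS_ALL, IDS_VACL) that are made up for illustration. The first part shows the mls ip ids approach with the ACL applied to both SVIs so that both directions of the inter-VLAN flow are seen; the second part shows the VACL capture approach Cisco recommends, which also catches traffic switched within a VLAN.

```cisco
! ---- Option 1: mls ip ids with a traditional ACL (inter-VLAN routed traffic only) ----
! Named extended ACL selecting what to send to the sensor (hypothetical name).
ip access-list extended IDS_ROUTED
 permit ip any any
!
! mls ip ids sees traffic in one direction on the interface it is applied to,
! so it must be applied on both SVIs of the routed conversation (here VLAN 10 and 20).
! Traffic switched between two hosts in the same VLAN is never routed and is NOT captured.
interface Vlan10
 ip address 10.1.10.2 255.255.255.0
 standby 10 ip 10.1.10.1
 standby 10 priority 110
 mls ip ids IDS_ROUTED
!
interface Vlan20
 ip address 10.1.20.2 255.255.255.0
 standby 20 ip 10.1.20.1
 mls ip ids IDS_ROUTED
!
! The IDSM-2 data port must be a capture destination and be allowed to see these VLANs.
intrusion-detection module 5 data-port 1 capture
intrusion-detection module 5 data-port 1 capture allowed-vlan 10,20

! ---- Option 2: VACL capture (recommended; catches intra- and inter-VLAN traffic) ----
! ACL used only to match traffic; "action forward capture" copies matching frames
! to every capture port whose allowed-vlan list includes the VLAN.
ip access-list extended IDS_ALL
 permit ip any any
!
vlan access-map IDS_VACL 10
 match ip address IDS_ALL
 action forward capture
!
! Apply the map to the VLANs to be monitored on this chassis (the other chassis
! gets its own list for the VLANs on which it is the HSRP active router).
vlan filter IDS_VACL vlan-list 10,20
!
intrusion-detection module 5 data-port 1 capture
intrusion-detection module 5 data-port 1 capture allowed-vlan 10,20
```

With either option, the split between the two chassis only controls which switch copies a given VLAN's traffic; a packet routed from a VLAN that is HSRP active on CAT01 into a VLAN that is active on CAT02 crosses the inter-switch link and is seen on the chassis that performs the routing, so the allowed-vlan lists on each IDSM-2 should include every VLAN whose traffic that chassis may route, not just the ones where it is HSRP active. Verify what the sensor actually receives with show intrusion-detection module 5 data-port 1 traffic (or the sensor's own interface statistics) before relying on the split.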