Cisco Support Community

IDSM-2 ACL configuration?

Hi,

I’m in the process of implementing two IDSM-2 modules in a pair of CAT6500. I would like to monitor approximately 15 VLANs which all have a VLAN interface and HSRP configured. To share the switching load CAT01 is configured as the primary HSRP address for 8 of the 15 VLANs.

To mirror this load sharing with IDS traffic I’m proposing to configure traditional ACLs (i.e. not VACLs) and apply these to the VLAN interfaces with the “mls ip ids” command. Is anyone aware of any known limitations with this configuration?

Thanks

Paul

2 REPLIES

Re: IDSM-2 ACL configuration?

Any update on this?


Re: IDSM-2 ACL configuration?

Here is a summary of the response I got from Cisco:

VACL Capture is the Cisco recommended method for most installations.

If you are only interested in capturing packets being routed between VLANs then you can use “mls ip ids” with a traditional ACL. However, as it is designed to only capture traffic in one direction “mls ip ids” needs to be applied to both the egress and ingress interfaces.
