Cisco Support Community
Community Member

Mirroring traffic on a 7200 for IDS use

I have a 7200 with a T1 to the internet on serial interface. The internal LAN is connected to a Fast Ethernet card on the 7200. How do I mirror the traffic on the T1 serial interface to another ethernet interface on the 7200.



Cisco Employee

Re: Mirroring traffic on a 7200 for IDS use

I don't believe that there is this capability on the 7200 router.

What would be needed is a command similar to the "span" command used on Cisco switches.

I would contact the TAC and have them enter this as an enhancement request for the 7200.

For now you would have to monitor the traffic after it has left the router on the Fast Ethernet interface.

By placing the sensor's sniffing interface on a Hub attached to the router, or placing the sensor's sniffing interface on the span port of a switch connected to the router. If the router is connected directly to another routing device or Firewall you could use a ethernet tap and then take the two outputs of the tap and attach them to a 2900 switch. The span the 2 ports to a third port where the sensor sniffing interface is attached.

CreatePlease to create content