Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

please help with IDS problem

We are trying to track a TCP reset packet on our network. Here is the path: Our sensor sends a TCP reset packet through our edge distribution switch ( a 3550) with the destination MAC of our 6509 Core switch which is set to kill a session that originates from a workstation in the 10.2.211.0 network. By sniffing the span port on the 3550 switch, we can see the reset sent by the IDS. But when we look at the 6509, it is not there. It appears that our edge switches are dumping the reset packets and not passing them through to the 6509. I need some assistance where to look for what is happening here. thanks

1 REPLY
Cisco Employee

Re: please help with IDS problem

Did you enable ingress packets when specificying the monitor destination interface on the 3550?

By default the 3550 will not allow in TCP Reset packets on it's span ports.

You have to include an "ingress" parameter and vlan id.

For more information refer to:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12119ea1/3550scg/swspan.htm#81513

90
Views
0
Helpful
1
Replies
CreatePlease login to create content