First let me clear up some confusion on terminology.
The sensor appliances have 2 or more interfaces.
One interface is the command and control interface. This interface is assigned an IP address (by the setup command in version 4.x) and is used for communicating with the IDS management stations (and your desktop machine if using the CLI and/or IDM).
The command and control interfaces do NOT support connecting to a Trunk port of a switch.
The sensor (in version 4.x) cannot be configured to monitor the command and control port.
The other interfaces of the sensor are known as the sensing interfaces.
These other interfaces are used for receiving traffic for monitoring.
The sensing interfaces are capable of being connected to an 802.1q trunk port, and the software is capable of analyzing the 802.1q trunk traffic.
(NOTE: This is true of all sensor appliances running version 4.x including the 4230).
When monitoring a switch, if you want traffic from multiple VLANs to be monitored by the sensor, then the following steps are usually followed:
On the switch itself, configure the port connected to the sensor to be an 802.1q trunk port.
NOTE: The sensor does not participate in auto negotiation of the trunk, so you will need to force the trunking "on" in the switch configuration.
Set up the trunk port to trunk those VLANs you want monitored. In your case, the 9 VLANs of interest.
NOW you must still use SPAN or VACL Capture (VACL Capture is only on the Cat 6500 switches) to forward the traffic from those VLANs to the sensor port.
Some users have incorrectly assumed that making the sensor's port a trunk port was enough to get the packets to be sent to the sensor for monitoring. This is incorrect. You still need to use SPAN or VACL Capture to tell the switch to send a copy of the packets to the sensor. The trunking just allows the packets to be copied with 802.1q trunk headers and allows the monitoring of multiple VLANs through SPAN or VACL Capture.
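
One way to confirm from the sensing side that the SPAN or VACL Capture copy really arrives with 802.1q headers for every VLAN of interest, added here as an example and not part of the original post: Python that reads raw Ethernet frames and reports which expected VLANs are missing. The function names (`vlan_of`, `coverage`, `build_frame`), the VLAN numbers and the sample frames are all constructed for illustration.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_of(frame: bytes):
    """Return the 802.1Q VLAN ID of a raw Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits are the VLAN ID; top 4 are priority/DEI


def coverage(frames, expected_vlans):
    """Summarise which expected VLANs were seen on the sensing interface."""
    seen, untagged = Counter(), 0
    for frame in frames:
        vid = vlan_of(frame)
        if vid is None:
            untagged += 1
        else:
            seen[vid] += 1
    expected = set(expected_vlans)
    return {
        "seen": dict(seen),
        "missing": sorted(expected - set(seen)),      # no copy reached the sensor
        "unexpected": sorted(set(seen) - expected),   # trunk carries extra VLANs
        "untagged": untagged,                         # arrived without an 802.1q header
    }


def build_frame(vid=None, priority=0):
    """Constructed test frame: zeroed MACs, optional tag, IPv4 EtherType."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


# Constructed sample: VLANs 10 and 20 arrive tagged, VLAN 30 never shows up.
SAMPLE = [build_frame(10), build_frame(10), build_frame(20, priority=5), build_frame()]

if __name__ == "__main__":
    print(coverage(SAMPLE, expected_vlans=[10, 20, 30]))
```

A VLAN listed under `missing` means the trunk allows it but no SPAN or VACL Capture copy is reaching the sensor for it, which is the misconfiguration the post describes.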