On the assumption people are facilitating their IDS solution through a switch/span environment, what models of switches is everyone using? Our original deployment utilized Cisco Catalyst 2980G-A, while obviously larger and more powerful than was needed, was required by our Network Operations group as it was one of their "approved" models. I am curious what models of Cisco switches people are using with their IDS deployments.
I have recently deployed a Cisco IDS-4210 using an old Catalyst 2900XL. Your solution will depend on where you are deploying your IDS. If you are monitoring traffic before your firewall then a low end Cisco switch will work. You should not need to spend too much money for something outside the firewall. If you are monitoring inside your firewall somewhere in your Trusted network then you can SPAN or mirror a port on a current switch that will be able to look at all packets in the segment your monitoring.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...