Cisco Support Community
New Member

IDS implementation

Hello,

We are looking to implement IDS in our network, and I have some questions. If I get a 4250, can I span multiple network segments with the one interface it comes with? For instance, say I have 10 subnets (10.0.1.0/24, 10.0.10.0/24, ...); would I be able to scan all those networks at once off of our 6509 core? Any recommendation on how to deploy would be appreciated.

David

2 REPLIES
Cisco Employee

Re: IDS implementation

This is not really a function of the IDS, but more of the switch that it's connected to. You basically plug the monitoring/sniffing port of the 4250 into a switch port, then use either the "span" command or VACLs to send traffic from the switch to that sniffing port.

In short, though, with a 6509 you can definitely span multiple VLANs/subnets; no problem there.

You might want to look at the IDSM-2, which is an IDS on a blade that slots right into the 6509, everything is internal to the switch then.

New Member

Re: IDS implementation

You can use the set span command to monitor an 802.1q or ISL trunk link, or use a VLAN access list. Spanning a trunk link will allow you to see all VLAN traffic.

Using VLAN access lists, for instance, allows you to define more granular filters.

You can learn this and more at:

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:Catalyst_6500_Series_Switches&s=Software_Configuration

Carlos Roque
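A worked configuration for what both replies describe, added here as an illustration and not taken from either post: a Catalyst 6500 running Cisco IOS, with the sensor's sniffing port assumed to be GigabitEthernet1/1 and the monitored subnets assumed to sit on VLANs 10 and 20. The interface name, VLAN numbers, ACL and access-map names are all assumptions; the CatOS line shows the "set span" form named in the second reply.

```cisco
! --- Option 1: SPAN several VLANs into the sensor port (Cisco IOS on the 6500) ---
! rx only: "both" would deliver every packet the switch routes between the
! monitored VLANs twice (once on ingress, once on egress), inflating sensor load.
monitor session 1 source vlan 10 , 20 rx
monitor session 1 destination interface GigabitEthernet1/1
!
! CatOS equivalent (assumed sensor port 3/1):  set span 10,20 3/1 rx
!
! --- Option 2: VACL capture, so the IDS sees only the traffic you select ---
! Matched packets are forwarded normally AND copied to every "capture" port.
! Tightening the ACL is the knob that keeps a single gigabit sensor interface
! from being oversubscribed when many subnets are monitored.
ip access-list extended IDS-CAPTURE
 permit ip any any
!
vlan access-map IDS-VACL 10
 match ip address IDS-CAPTURE
 action forward capture
!
vlan filter IDS-VACL vlan-list 10,20
!
interface GigabitEthernet1/1
 switchport
 switchport capture
 switchport capture allowed vlan 10,20
!
! --- Verification ---
! show monitor session 1
! show vlan access-map IDS-VACL
! show vlan filter
! show interfaces GigabitEthernet1/1 capture
```

Use one option or the other on a given destination port; a port cannot be both a SPAN destination and a VACL capture port at the same time.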
