Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
0
Helpful
1
Replies

TCP reset from IPS (in passive mode) on 3550 swich with RSPAN/SPAN

jhickle120
Level 1
Level 1

‎09-10-2007 08:48 PM

Hi,

I was wondering if it is possible to get the tcp reset from IPS (in passive monitoring mode) using RSPAN/SPAN on 3550 switches, does the switch require an extra command in order to accept traffic from monitoring interface (IPS TCP reset).

thanks

thanks in advance

Labels:
0 Helpful
1 Reply 1

Not applicable

‎09-14-2007 01:45 PM

Actually it is the "Inpkts" parameter on CatOS that allows it to accept inbound traffic on the SPAN destination. The "learning" is

to disable MAC address learning, since the IDS will spoof the MAC address of the server when it sends a TCP RST back to the client. So disable Mac learning on the switch.

0 Helpful
Customers Also Viewed These Support Documents