I am using a 2900XL with 2 IDSes and Internet monitoring software on it.
There are three VLANs on it. It is working great. If you need more info,
email me offline.
Neil
"Scott Nelson" <[EMAIL PROTECTED]> wrote in message
news:9a580l$a2n$[EMAIL PROTECTED]...
> OK, here's the deal,
>
> I need to monitor a T-3 before and after a Firewall
> So: ISP---7206----Switch-----Firewall----Switch----Router----LANs
>
> with the 2 different IDSes ( Intrusion Detection System ) hanging off of a
> monitor port on each switch.
>
> I was starting to get collisions on the firewall and the router with a 100Mb
> hub so, I figured if I whack 2 Cisco 2912XL switches in there and set
> everything for 100Mb Full, and that would end that issue and it has, but has
> raised another one.
>
> So far, at the switch points, the switches are running at 80% according to
> the LEDs on the front, with our current bandwidth at about ~20Mb.
> What are the LEDs measuring is my first question?
> If it is the CPU utilization, I have a feeling it is because of Span/port
> monitor that the CPU has to duplicate the packets and ship them out the
> monitor port.
>
> My 2nd question is: If this link goes up to the max 40+ Mb, will I start
> dropping packets between the router(s) and the Firewall?
> Will I drop packets going to the IDSes?
>
> We have a Cat 5000 sitting around so, I figured, why not just use it?
> I tried to enable two different Port spans on a Cat 5000 and it will only
> allow me to do one at a time. I figured a Cat 5000 would have enough CPU
> power to do the job. I was going to create 3 VLANs, one VLAN before the
> firewall and one after and one for management. But if I can only do (1) span
> at a time, this isn't going to work either.
>
> Suggestions?
>
> Or am I worrying for nothing? Will the 2912's do it or do I need to go the
> 3500XL or 4000 series switches to do this? What is everyone else doing?
>
> Scotty
>
> ----------------------------------------------------------
> Scott Nelson - Network Engineer
> Wash DC +1202-270-8968
> Los Angeles +1310-367-6646
> mailto:[EMAIL PROTECTED]
> ----------------------------------------------------------
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html