If you want to mirror ALL traffic, you can set SPAN on the switch. You enable SPAN (switched port analyzer) by doing the following when in conf mode:
port monitor [interface] and of course to disable, no port monitor [interface] -----Original Message----- From: Batton, David L. [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 8:47 AM To: Kevin Brooks; [EMAIL PROTECTED] Subject: RE: IDS Kevin, It looks as if you're working with 29XX or 35XX gear using IOS? Is this correct? I think the commands you are looking for is "port monitor fast 0/x". You should do this inside the fast ethernet interface you want to use as the monitoring interface and list all the vlans and fast ethernet interfaces you want to monitor on this interface. (similar to how you have listed things in your question) Hope this helps, David L. Batton Telecom Network Analyst UVA Medical Center -----Original Message----- From: Kevin Brooks [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 3:11 PM To: [EMAIL PROTECTED] Subject: IDS On a Cisco switched network does anybody know how to set one port on one of the switches to mirror all traffic? I just setup an IDS and this is the one stumbling block I've hit. I know it's FastEth x/x portforward fastEth 0/1 portforward fastEth 0/2 and so on.. Does this sound right? Thanks, Kevin
