On Wed, 24 Apr 2002, Kevin Brooks wrote:

> On a Cisco switched network does anybody know how to set one port on one of
> the switches to mirror all traffic?
> I just set up an IDS and this is the one stumbling block I've hit.
> I know it's
> FastEth x/x
>       portforward fastEth 0/1
>       portforward fastEth 0/2
>       and so on..
>
>
> Does this sound right?
> Thanks,
> Kevin

Kevin,

What you want is the switch port analyzer feature (SPAN). You can set
that with:

set span {source ports} {destination port}

An example would be:

set span  3/2-8,4/1 5/12

You have more options, like monitoring VLANs as a source as well as making
the destination port a trunk to preserve VLAN tags. You can filter out
specific VLAN traffic, etc.

Depending on the Cisco you have, you can also do remote SPAN for your
network, independent of the local switch. You need to have a 6000 though,
and then make an RSPAN VLAN for the traffic, but it's a neat feature.

You can look up details on the Cisco site.

Good luck,

Jaya Baloo
Network Specialist
CCNP
+31-6-51569107

