Hallo Kevin Brooks, am Mittwoch, 24. April 2002 um 21:10:30 schrieben Sie:
KB> On a Cisco switched network does anybody know how to set one port on one of KB> the switches to mirror all traffic? KB> I just setup an IDS and this is the one stumbling block I've hit. KB> I know it's KB> FastEth x/x KB> portforward fastEth 0/1 KB> portforward fastEth 0/2 KB> and so on.. KB> Does this sound right? almost... Cisco calls this a SPAN port. This document might help you: http://www.cisco.com/warp/public/473/41.html Found by typing "monitor"+"catalyst"+"port"+"cisco" into google.com There you can see how to configure a span port that monitors all the traffic of _one_ switch. But on the right switch, this should be enough. If you want more than one switch to be monitored, you should place more sensors, one per switch, with a central server. Anything else would not work smoothly, since IDS performance is... ...a topic for another thread. Regards, Doc. -- Malte von dem Hagen student of IT-Security Ruhr-University of Bochum [EMAIL PROTECTED] http://docvalde.net
