Hey all, I've configured the switched network to copy traffic from VL10 on all switches (via remote span) to IPS G0/0.
I've confirmed that IPS is working as expected via ICMP and ICMP-echo signatures firing when a ping and ping reply traverse VLAN10. I've created a custom sig using String TCP that looks at packets going to port 23 with a regex of Cisco|cIsco|ciSco. For some reason I cannot get the custom sig to fire when the direction is set to "to service", but I can get it to fire when the direction is "from service".

I've reloaded everything, checked and double-checked the port spanning config, and copied the solution guide answers verbatim (I think). Has anyone made this thing work before? Any ideas? I'm testing the signature by telnetting from R1 (connected to Vlan 10) to R2 (reachable via Vlan 10).

Many thanks,
Jerome
