Yep, I just tested it and confirmed that SPAN session sees traffic both on access and trunk ports. What does it have to do to the point we are discussing ? ;) I'm inclined to think that we need two vlans in CAT4 monitor session for source, i.e. 45 and 450 only to provision for TCP RST. If the sensor sends TCP RST and it should reach the host connected to CAT4 then we need VLAN 45.
Eugene -----Original Message----- From: Jay McMickle [mailto:[email protected]] Sent: Monday, August 06, 2012 2:09 PM To: Karthik sagar Cc: Eugene Pefti; CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] Volume 1 3.6 Monitoring Traffic with IDS Both access and trunk. It's all VLAN 5. Regards, Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design) Sent from my iPhone On Aug 6, 2012, at 3:34 PM, Karthik sagar <[email protected]> wrote: > One quick question : > > when we say - monitor session 1 source vlan 5 - does it monitor traffic only > on vlan-5-access ports or does it monitor vlan 5 traffic coming in from the > trunks also ? > > Regards, > Karthik > _______________________________________________ > For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
