Hi Paul,

here is Cisco info about SPAN.
http://www.cisco.com/warp/public/473/41.html
Good reading.

Cheers,
Daniel.

> Hi all.
>
> I am not a network specialist by any means so please be gentle. I am
> currently attempting to deploy network sensors throughout our
> infrastructure. Since we have a switched environment, I have 2 options
> (that I am aware of):
>
> * use the SPAN port of a switch for a network IDS
> * use network taps.
>
> Many of our switches have several internal interfaces that I would like
> to monitor...i.e. one switch will be used for traffic destined for 8
> different networks. I would like to be able to plug an IDS into the
> SPAN port of the switch and get the networking people to configure the
> SPAN port to accept traffic from port 1, 3, and 8 for example because
> those are critical network segments. This would allow my IDS to
> monitor all 3 of those ports at the same time. The network guys say
> this is not possible and I can only span one port on the switch to the
> SPAN port. This means using the SPAN port is out of the question for
> our environment. I went to the Cisco site and it seems that the
> switches are capable of doing what I want, so I am confused.
>
> Question 1: Who is right...i.e. can a SPAN port monitor traffic over
> multiple incoming/outgoing ports on a single switch? If not then why
> not?
> Question 2: If the network guys are right then why is the SPAN
> port a widely used method of deploying network IDS?
> Question 3: If the network guys are right, what other options are open
> to me...I mentioned taps but don't I run into the same issues...1 tap
> for 1 network segment and so in my example above, I would require 8
> taps for the switch with 8 ports.
>
> Thanks in advance.
>
> Paul
>
> _______________________________________________
> ISSForum mailing list
> [EMAIL PROTECTED]
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> https://atla-mm1.iss.net/mailman/listinfo
