[Snort-users] Snorting on a Layer-3 switch

Jason jasonb at ...1935...
Thu Aug 8 17:23:02 EDT 2002


IIRC you should be able to set up a trunk port and send the bridge traffic over it. Make sure you specify dot1q.

An example of trunking it should be available here.
http://www.cisco.com/warp/public/473/29.html

Regards,
Jason.

Nick Lomonte wrote:

> Hi all,
>
> I've been trying to figure out a way to set up an IDS on a Layer-3 switch.  I'm using the Cisco 2948G-L3.  It doesn't have the standard 'port monitor' commands.  I have most ports in the same bridge-group, and a few that are routing.   I'm only interested in snorting the bridge group though.
>
> Has anyone else done this, or know a way to do it?
>
> Thanks
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list