[Snort-users] Snorting on a Layer-3 switch

Jason jasonb at ...1935...
Thu Aug 8 17:23:02 EDT 2002

IIRC you should be able to set up a trunk port and send the bridge traffic over it. Make sure you specify dot1q.

An example of trunking it should be available here.


Nick Lomonte wrote:

> Hi all,
> I've been trying to figure out a way to set up an IDS on a Layer-3 switch.  I'm using the Cisco 2948G-L3.  It doesn't have the standard 'port monitor' commands.  I have most ports in the same bridge-group, and a few that are routing.   I'm only interested in snorting the bridge group though.
> Has anyone else done this, or know a way to do it?
> Thanks
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list