[Snort-users] Cisco switch configuration for sensor

gr8dane2 at ...163... gr8dane2 at ...163...
Thu Jan 16 08:35:05 EST 2003


Ok, I checked the Cisco sites and believe I have this setup properly.  I just wanted to run it past the Snort gurus for confirmation before I hook it up.  I am using a Cisco 1900 series switch that has 12 10baseT ports (1x-12x) and 2 100baseTX ports (Ax and Bx).  I have a DSL router that is 10baseT (plugged into port 1x), snort sensor with a 10/100 NIC (port Ax) and a firewall with 10/100 NIC (port Bx).  I have enabled the Spanning-Tree protocal. I have setup port Ax to monitor 1x and Bx.  Then I disabled the web interface, of course.  I am using the modified patch cable that will only allow inbound traffic on the sensor, a cross-over cable on the router, and a regular patch cable for the firewall.  The sensor has a public NIC with no bindings and a private NIC with local TCP/IP settings that connects back to the LAN behind the firewall, so it can report to MySQL server.  Anyone see anything wrong with this before I hook it up?  As always, keep up the great work!  You all are very helpful.

Sincerely,
Dane Howard





More information about the Snort-users mailing list