[Snort-users] Cisco switch configuration for sensor

twig les twigles at ...131...
Thu Jan 16 10:12:02 EST 2003

It sounds fine but you almost never see the mistakes
until after they ruin your morning.  There is only one
way to find out if it works....  One thing though,
Spanning Tree Protocol (STP) is used for
loop-prevention at layer 2.  If this is a SOHO setup
with no redundant connections to the switching
infrastructure then you can just turn STP off.  Switch
Port ANalyzer (SPAN) is normally used for sniffing on
Cisco Catalysts but that feature is in the bigger
switches like 6500s.  A 1900, if it is like a 2900
(never used a 1900), should just have port monitoring,
which is a slimmed-down version of SPAN.

--- gr8dane2 at ...163... wrote:
> Ok, I checked the Cisco sites and believe I have
> this setup properly.  I just wanted to run it past
> the Snort gurus for confirmation before I hook it
> up.  I am using a Cisco 1900 series switch that has
> 12 10baseT ports (1x-12x) and 2 100baseTX ports (Ax
> and Bx).  I have a DSL router that is 10baseT
> (plugged into port 1x), snort sensor with a 10/100
> NIC (port Ax) and a firewall with 10/100 NIC (port
> Bx).  I have enabled the Spanning-Tree protocal. I
> have setup port Ax to monitor 1x and Bx.  Then I
> disabled the web interface, of course.  I am using
> the modified patch cable that will only allow
> inbound traffic on the sensor, a cross-over cable on
> the router, and a regular patch cable for the
> firewall.  The sensor has a public NIC with no
> bindings and a private NIC with local TCP/IP
> settings that connects back to the LAN behind the
> firewall, so it can report to MySQL server.  Anyone
> see anything wrong with this before I hook it up? 
> As always, keep up the great work!  You all are very
> helpful.
> Sincerely,
> Dane Howard
> This SF.NET email is sponsored by: Thawte.com
> Understand how to protect your customers personal
> information by implementing
> SSL on your Apache Web Server. Click here to get our
> FREE Thawte Apache 
> Guide:
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
> Snort-users list archive:

Know yourself and know your enemy and you will never fear defeat.         

Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

More information about the Snort-users mailing list