[Snort-users] Cisco Catalyst - SNORT
fringsm at ...5133...
Mon Jun 23 08:11:04 EDT 2003
Actually, depending on the version of code on the 6000 (or 4000/5000 for
that matter) you can set up spans that support two-way traffic. (We use
CatOS not IOS on our 6ks/5ks/4ks).
Check the span syntax on the device and look for the inpkts options, which
allows for traffic to be sent/received as well as mirrored.
While this is a usable solution; it is still better to have a separate NIC
for transport and a separate NIC for monitoring.
Scott Fringer Shands Healthcare @ U.F.
Technical Analyst II Gainesville, FL
On Mon, 23 Jun 2003, Javier Liendo wrote:
> hello jose
> you'll have to configure the switch port where you are
> plugging the snort device as a "span" port...
> pls take a look at the following link to see how you
> can configure it on a 6000 series catalyst switch...
> also in my experience, if you configure a switch port
> as span then you can not pass any management traffic
> through that port so you will have to add another
> network card and plug it to another switch port if you
> want to manage this device remotely...
More information about the Snort-users