Cisco Switch Spanning Port

I have 4 Cisco 3500 series switches.  All linked together via the GBIC (I think that's what it's called) interface.   My question is, if I have one particular port, on ONE of these switches set in spanning mode, and I have my IDS/IPS system plugged into that port, is it monitoring activity from my other 3 switches as well?
psueocAsked:
Who is Participating?
 
lrmooreCommented:
I would place your snort on a span port on whichever switch your outbound router/firewall is located. At least you get all traffic coming in/going out of the network.

0
 
lrmooreCommented:
No, it is not. It is only monitoring traffic that is coming through that switch.
You can enable RSPAN on the other 3 switches so that they will mirror all of their traffic to the 1
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801ce0bc.html
0
 
psueocAuthor Commented:
wouldn't that put a tremendous additional load on the switches, as well as create a ton of additional traffic?  I have to keep performance in mind also.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
lrmooreCommented:
Absolutely. It should only be used for very specific troubleshooting reasons and with prudence.
what application are you trying to use on the span port, and what are you trying to accomplish? There may be a better way.
0
 
psueocAuthor Commented:
I'm running SNORT on a system plugged into the spanning port.  Really just an experimental thing.  I was just curious to know whether I was seeing ALL of our network traffic or not.
0
 
psueocAuthor Commented:
ok....thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.