port mirroring and performance

we're installing an IDS here and need to do port mirroring on two modules on our core switch. How much impact am I looking at? is there an easier/better way to do this?


thanks
dissolvedAsked:
Who is Participating?
 
ngravattConnect With a Mentor Commented:
there is not significant performance impact.  I use the port mirroring on my core switches, which or Cisco 6509s.  I almost always have two mirroring sessions running.  One is used for IDS and one is used to span all traffic over to another monitoring device.  Cisco limits the number of span sessions to two.

Looking at my 6509 right now, the CPU is less than 10% and the memory usage is about 110 megs.

The only other way to do this is to put your IDS inline or use a hub.  A hub will send all traffic received to all ports.  If you have a connection to your ISP router, then you can take that cable out of you ISP router and plug it into a 4 port hub.  Use one of the ports to complete the connection to your ISP router, then you can take another port and connect it to your IDS device.

There are also some other 3rd party devices that do the same exact thing.  I look into these in the past though, and they were not cheap.
0
 
ngravattCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.