Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to Monitor Multiple Switches with a 2-Port IDS

Posted on 2014-01-29
6
Medium Priority
?
345 Views
Last Modified: 2016-11-23
Okay so my dilemma... we have two ProCurve 2810-24G switches, two ProCurve 4208vl switches, and one 5406zl switch.

The two 2810-24G switches have a trunk between them using LACP and the two 4208vl switches have a trunk between them using LACP as well. All 5 of the switches also have 2 uplinks to our routers which is two Juniper routers in a HA pair. Because of this configuration we have 10 uplinks ports but our IDS device only has 2 monitoring ports (Dell SecureWorks) so I cannot put the device in-line and purchasing 2-3 IDS devices is not possible.

I am trying to figure out how I can monitor 1 mirrored port on each switch (5 ports total) even though my IDS on has 2 monitoring ports. Any thoughts on creative ways to accomplish this?

Thanks in advance!
0
Comment
Question by:AIC-Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39817616
You'll want to get a TAP device to aggregate your mirror ports over to your IDS. You could use one from a company such as at the following link...

http://networktaps.com/v/products.htm?gclid=CMbaz_29o7wCFUtp7AodokkApQ
0
 
LVL 3

Author Comment

by:AIC-Admin
ID: 39817629
Currently what I tried was mirroring a port from each switch to another Layer 2+ HP V1910-24G switch and then mirroring those 5 ports to another port where my IDS is connected and monitoring... this works when I only connect one switch for each of the trunks so I can connect 3 switches but once I connect the other switch in either trunk it destroys my network (all communication gets interrupted).

Any thought how I may be able to accomplish this using a method like I am trying since I already bought the HP V1910-24G Switch?
0
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39817727
I do not believe that HP supports RSPAN as I believe it's a Cisco only technology. RSPAN would allow you to accomplish what you want with the equipment you have. Getting a TAP device would be about the cost of a switch, is certainly a cheaper route than additional IDS systems, as well will not wreak havoc on your network when setting it up. I would highly recommend going this route.
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 3

Author Comment

by:AIC-Admin
ID: 39817782
Thanks Jordan! I am researching network taps now but I am having trouble finding one with the number of gigabit Ethernet ports I need. Since my IDS only has 2 monitoring ports I need a tap that can accept at least 4 Ethernet "uplinks" and I can then connect that and my 5th switch to the two IDS monitoring ports.
0
 
LVL 6

Accepted Solution

by:
Jordan Medlen earned 1500 total points
ID: 39817999
Probably want to look at something like this then...

http://www.network-taps.eu/products/products_search_showresult.php?artikelnummer=LA-2406

It's the same type of product, just more ports. Would give you room to grow as well.
0
 
LVL 3

Author Closing Comment

by:AIC-Admin
ID: 39829403
I ended up having to purchase a second Switch to run one set of mirrored ports over one scwitch and the second set of mirrored ports over another.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question