How to Monitor Multiple Switches with a 2-Port IDS

Okay so my dilemma... we have two ProCurve 2810-24G switches, two ProCurve 4208vl switches, and one 5406zl switch.

The two 2810-24G switches have a trunk between them using LACP, and the two 4208vl switches have a trunk between them using LACP as well. All 5 of the switches also have 2 uplinks to our routers, which are two Juniper routers in an HA pair. Because of this configuration we have 10 uplink ports, but our IDS device only has 2 monitoring ports (Dell SecureWorks), so I cannot put the device in-line, and purchasing 2-3 IDS devices is not possible.

I am trying to figure out how I can monitor 1 mirrored port on each switch (5 ports total) even though my IDS only has 2 monitoring ports. Any thoughts on creative ways to accomplish this?

Thanks in advance!
AIC-Admin asked:
Jordan Medlen commented:
You'll want to get a TAP device to aggregate your mirror ports over to your IDS. You could use one from a company such as at the following link...

http://networktaps.com/v/products.htm?gclid=CMbaz_29o7wCFUtp7AodokkApQ
AIC-Admin (author) commented:
Currently what I tried was mirroring a port from each switch to another Layer 2+ HP V1910-24G switch and then mirroring those 5 ports to another port where my IDS is connected and monitoring. This works when I only connect one switch for each of the trunks, so I can connect 3 switches, but once I connect the other switch in either trunk it destroys my network (all communication gets interrupted).

Any thought how I may be able to accomplish this using a method like I am trying since I already bought the HP V1910-24G Switch?
Jordan Medlen commented:
I do not believe that HP supports RSPAN, as I believe it's a Cisco-only technology. RSPAN would allow you to accomplish what you want with the equipment you have. Getting a TAP device would be about the cost of a switch, is certainly a cheaper route than additional IDS systems, and will not wreak havoc on your network when setting it up. I would highly recommend going this route.
AIC-Admin (author) commented:
Thanks Jordan! I am researching network taps now, but I am having trouble finding one with the number of gigabit Ethernet ports I need. Since my IDS only has 2 monitoring ports, I need a tap that can accept at least 4 Ethernet "uplinks"; I can then connect that and my 5th switch to the two IDS monitoring ports.
Jordan Medlen commented:
Probably want to look at something like this then...

http://www.network-taps.eu/products/products_search_showresult.php?artikelnummer=LA-2406

It's the same type of product, just more ports. Would give you room to grow as well.
AIC-Admin (author) commented:
I ended up having to purchase a second switch to run one set of mirrored ports over one switch and the second set of mirrored ports over another.
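As an added example (not from this thread or from either participant), a small Python capacity check for the design discussed above: aggregating several switches' mirror ports onto two IDS monitor ports, as with the tap aggregator suggested. The switch names follow the question; the utilisation fractions, port speeds and the split across the two monitor ports are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Switch:
    name: str
    mirror_port_gbps: float   # speed of the switch's mirror (SPAN destination) port
    sources: list             # (port, link_gbps, rx_util, tx_util) per mirrored uplink

def span_load(sw):
    """Return (worst_case, expected) Gbps that sw's mirror port must emit.
    A mirror port copies both directions of every source, so one full-duplex
    1 Gbps uplink can produce up to 2 Gbps of copied frames."""
    worst = sum(2 * g for _, g, _, _ in sw.sources)
    expected = sum(g * (rx + tx) for _, g, rx, tx in sw.sources)
    return worst, expected

def check_plan(switches, assignment, ids_port_gbps=1.0):
    """assignment maps each IDS monitor port to the switches whose mirror ports
    are aggregated onto it (e.g. through a tap/aggregator).  Reports the load
    per IDS port and whether frames are dropped before the IDS sees them;
    drops at the switch mirror port or at the IDS port are blind spots."""
    by_name = {s.name: s for s in switches}
    report = {}
    for ids_port, names in assignment.items():
        worst = expected = 0.0
        saturated = []        # switches whose own mirror port already drops
        for n in names:
            w, e = span_load(by_name[n])
            if e > by_name[n].mirror_port_gbps:
                saturated.append(n)
            worst += w
            expected += e
        report[ids_port] = {
            "worst_gbps": worst, "expected_gbps": expected,
            "drops_at_peak": worst > ids_port_gbps,
            "drops_now": expected > ids_port_gbps,
            "mirror_port_saturated": saturated,
        }
    return report

# Constructed sample: five switches, each mirroring its two 1 Gbps router uplinks.
# Utilisation fractions are invented, not measurements from the thread.
def sample_switches():
    busy = [("uplink1", 1.0, 0.2, 0.1), ("uplink2", 1.0, 0.2, 0.1)]
    quiet = [("uplink1", 1.0, 0.1, 0.1), ("uplink2", 1.0, 0.1, 0.1)]
    return [Switch("2810-A", 1.0, busy), Switch("2810-B", 1.0, busy),
            Switch("5406zl", 1.0, busy), Switch("4208-A", 1.0, quiet),
            Switch("4208-B", 1.0, quiet)]

SAMPLE_PLAN = {"ids-mon1": ["2810-A", "2810-B", "5406zl"],
               "ids-mon2": ["4208-A", "4208-B"]}
```

A `drops_now` of True on either port means the IDS is already blind to part of the traffic; in the sample, three busier switches on one 1 Gbps monitor port exceed it even at modest utilisation, and every port is oversubscribed at peak.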