Solved

How to Monitor Multiple Switches with a 2-Port IDS

Posted on 2014-01-29
6
337 Views
Last Modified: 2016-11-23
Okay so my dilemma... we have two ProCurve 2810-24G switches, two ProCurve 4208vl switches, and one 5406zl switch.

The two 2810-24G switches have a trunk between them using LACP and the two 4208vl switches have a trunk between them using LACP as well. All 5 of the switches also have 2 uplinks to our routers which is two Juniper routers in a HA pair. Because of this configuration we have 10 uplinks ports but our IDS device only has 2 monitoring ports (Dell SecureWorks) so I cannot put the device in-line and purchasing 2-3 IDS devices is not possible.

I am trying to figure out how I can monitor 1 mirrored port on each switch (5 ports total) even though my IDS on has 2 monitoring ports. Any thoughts on creative ways to accomplish this?

Thanks in advance!
0
Comment
Question by:AIC-Admin
  • 3
  • 3
6 Comments
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39817616
You'll want to get a TAP device to aggregate your mirror ports over to your IDS. You could use one from a company such as at the following link...

http://networktaps.com/v/products.htm?gclid=CMbaz_29o7wCFUtp7AodokkApQ
0
 
LVL 3

Author Comment

by:AIC-Admin
ID: 39817629
Currently what I tried was mirroring a port from each switch to another Layer 2+ HP V1910-24G switch and then mirroring those 5 ports to another port where my IDS is connected and monitoring... this works when I only connect one switch for each of the trunks so I can connect 3 switches but once I connect the other switch in either trunk it destroys my network (all communication gets interrupted).

Any thought how I may be able to accomplish this using a method like I am trying since I already bought the HP V1910-24G Switch?
0
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39817727
I do not believe that HP supports RSPAN as I believe it's a Cisco only technology. RSPAN would allow you to accomplish what you want with the equipment you have. Getting a TAP device would be about the cost of a switch, is certainly a cheaper route than additional IDS systems, as well will not wreak havoc on your network when setting it up. I would highly recommend going this route.
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 3

Author Comment

by:AIC-Admin
ID: 39817782
Thanks Jordan! I am researching network taps now but I am having trouble finding one with the number of gigabit Ethernet ports I need. Since my IDS only has 2 monitoring ports I need a tap that can accept at least 4 Ethernet "uplinks" and I can then connect that and my 5th switch to the two IDS monitoring ports.
0
 
LVL 6

Accepted Solution

by:
Jordan Medlen earned 500 total points
ID: 39817999
Probably want to look at something like this then...

http://www.network-taps.eu/products/products_search_showresult.php?artikelnummer=LA-2406

It's the same type of product, just more ports. Would give you room to grow as well.
0
 
LVL 3

Author Closing Comment

by:AIC-Admin
ID: 39829403
I ended up having to purchase a second Switch to run one set of mirrored ports over one scwitch and the second set of mirrored ports over another.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are times where you would like to have access to information that is only available from a different network. This network could be down the hall, or across country. If each of the network sites have access to the internet, you can create a ne…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now