Solved

How to Monitor Multiple Switches with a 2-Port IDS

Posted on 2014-01-29
6
340 Views
Last Modified: 2016-11-23
Okay so my dilemma... we have two ProCurve 2810-24G switches, two ProCurve 4208vl switches, and one 5406zl switch.

The two 2810-24G switches have a trunk between them using LACP and the two 4208vl switches have a trunk between them using LACP as well. All 5 of the switches also have 2 uplinks to our routers which is two Juniper routers in a HA pair. Because of this configuration we have 10 uplinks ports but our IDS device only has 2 monitoring ports (Dell SecureWorks) so I cannot put the device in-line and purchasing 2-3 IDS devices is not possible.

I am trying to figure out how I can monitor 1 mirrored port on each switch (5 ports total) even though my IDS on has 2 monitoring ports. Any thoughts on creative ways to accomplish this?

Thanks in advance!
0
Comment
Question by:AIC-Admin
  • 3
  • 3
6 Comments
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39817616
You'll want to get a TAP device to aggregate your mirror ports over to your IDS. You could use one from a company such as at the following link...

http://networktaps.com/v/products.htm?gclid=CMbaz_29o7wCFUtp7AodokkApQ
0
 
LVL 3

Author Comment

by:AIC-Admin
ID: 39817629
Currently what I tried was mirroring a port from each switch to another Layer 2+ HP V1910-24G switch and then mirroring those 5 ports to another port where my IDS is connected and monitoring... this works when I only connect one switch for each of the trunks so I can connect 3 switches but once I connect the other switch in either trunk it destroys my network (all communication gets interrupted).

Any thought how I may be able to accomplish this using a method like I am trying since I already bought the HP V1910-24G Switch?
0
 
LVL 6

Expert Comment

by:Jordan Medlen
ID: 39817727
I do not believe that HP supports RSPAN as I believe it's a Cisco only technology. RSPAN would allow you to accomplish what you want with the equipment you have. Getting a TAP device would be about the cost of a switch, is certainly a cheaper route than additional IDS systems, as well will not wreak havoc on your network when setting it up. I would highly recommend going this route.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Author Comment

by:AIC-Admin
ID: 39817782
Thanks Jordan! I am researching network taps now but I am having trouble finding one with the number of gigabit Ethernet ports I need. Since my IDS only has 2 monitoring ports I need a tap that can accept at least 4 Ethernet "uplinks" and I can then connect that and my 5th switch to the two IDS monitoring ports.
0
 
LVL 6

Accepted Solution

by:
Jordan Medlen earned 500 total points
ID: 39817999
Probably want to look at something like this then...

http://www.network-taps.eu/products/products_search_showresult.php?artikelnummer=LA-2406

It's the same type of product, just more ports. Would give you room to grow as well.
0
 
LVL 3

Author Closing Comment

by:AIC-Admin
ID: 39829403
I ended up having to purchase a second Switch to run one set of mirrored ports over one scwitch and the second set of mirrored ports over another.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question