danny.rodriguezCISCO.COM

• Next message: Talisker: "Re: Host IDS"
• Previous message: MCKILLICAN, DONALD: "Re: host ids service"
• In reply to: Drew Simonis: "Re: IDS on switch with multiple VLANs"
• Next in thread: Kwstas Asvestas: "ÁÐ: IDS on switch with multiple VLANs"
• Next in thread: Eckert, Brian: "Re: IDS on switch with multiple VLANs"
• Reply: Danny Rodriguez: "Re: IDS on switch with multiple VLANs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Drew Simonis wrote:
> Cisco makes a version of their IDS that fits into a slot on the
> Cat switch, if you are using that. It monitors traffic on the
> backplane, so there is no need for SPAN ports, and no worries
> about multiple VLANs. Other than this product, which I think presently
> only works with Cat6000s, I don't know of any other switch friendly
> IDS out there.
The Catalyst 6000 IDS Module supports both the SPAN and capture
feature. The SPAN feature, however, is limited to 6 sessions and will
only monitor Ethernet traffic. The capture feature takes advantage of
VLAN ACLs (security ACLs). Using VACLs has the following benefits: 1)
allows you to monitor only defined traffic (filter layer 3 or 4), 2)
Does not have any "real" session limit, 3) Can monitor ATM traffic
Both SPAN and capture allow you to monitor multiple VLANs
simultaneously.

For more marketing info:
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/6kids_ds.htm

Danny

• Next message: Talisker: "Re: Host IDS"
• Previous message: MCKILLICAN, DONALD: "Re: host ids service"
• In reply to: Drew Simonis: "Re: IDS on switch with multiple VLANs"
• Next in thread: Kwstas Asvestas: "ÁÐ: IDS on switch with multiple VLANs"
• Next in thread: Eckert, Brian: "Re: IDS on switch with multiple VLANs"
• Reply: Danny Rodriguez: "Re: IDS on switch with multiple VLANs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]