my experience with Cisco switches (Catalyst 6000 & 6500) indicates that the
span port drops packets...not that the whole switch slows. I usually span
to a gigabit ethernet port to try and minimize it.

Scott Cothrell
Cisco Systems
Austin, Texas

-----Original Message-----
From: Focus on Intrusion Detection Systems
[mailto:FOCUS-IDSSECURITYFOCUS.COM]On Behalf Of Jerry Shenk
Sent: Friday, April 06, 2001 9:54 PM
To: FOCUS-IDSSECURITYFOCUS.COM
Subject: Re: Switch Configuration

How do different switches handle high load. I think some of them throttle
the entire monitored VLAN to the speed of the span port and I think some
just drop packets going to the span port. Anybody know which switches
handle it which way.....or some other way.

-----Original Message-----
From: Focus on Intrusion Detection Systems
[mailto:FOCUS-IDSSECURITYFOCUS.COM]On Behalf Of Scott Cothrell
Sent: Friday, April 06, 2001 7:51 PM
To: FOCUS-IDSSECURITYFOCUS.COM
Subject: Re: Switch Configuration

For Catalyst 6K

Usage: set span disable [dest_mod/dest_port|all]
       set span <src_mod/src_ports...|src_vlans...|sc0>
                <dest_mod/dest_port> [rx|tx|both]
                [inpkts <enable|disable>]
                [learning <enable|disable>]
                [multicast <enable|disable>]
                [filter <vlans...>]
                [create]
       (example of src_mod/src_ports: 2/1-4 or 2/1-2 or 2/5,2/6
        example of src_vlans: 2-10,105

> -----Original Message-----
> From: Focus on Intrusion Detection Systems
> [mailto:FOCUS-IDSSECURITYFOCUS.COM]On Behalf Of Raul Rubio Rueda
> Sent: Friday, April 06, 2001 3:02 AM
> To: FOCUS-IDSSECURITYFOCUS.COM
> Subject: Switch Configuration
>
>
> Sombody can tell me what i have to do to configure a Cisco
> switch port to
> put in it a IDS, i mean, which are the instruction??
>
> Thanks.
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]