Snort mailing list archives

Re: Snorting on a Layer-3 switch

From: Jason <jasonb () sourcefire com>
Date: Thu, 08 Aug 2002 11:30:31 -0400

IIRC you should be able to set up a trunk port and send the bridge traffic over it. Make sure you specify dot1q.

An example of trunking it should be available here.
http://www.cisco.com/warp/public/473/29.html

Regards,
Jason.

Nick Lomonte wrote:

Hi all,

I've been trying to figure out a way to set up an IDS on a Layer-3 switch.  I'm using the Cisco 2948G-L3.  It doesn't 
have the standard 'port monitor' commands.  I have most ports in the same bridge-group, and a few that are routing.   
I'm only interested in snorting the bridge group though.

Has anyone else done this, or know a way to do it?

Thanks

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snorting on a Layer-3 switch Nick Lomonte (Aug 06)
- Re: Snorting on a Layer-3 switch Andy Shelley (Aug 08)
- Re: Snorting on a Layer-3 switch Jason (Aug 08)