Traffic-export for IPS
Stevo7
Hey, I am trying to learn about IDS/IPS on the network, but I am having issues getting traffic exported to an IDS box.
My test setup is a Cisco 2800 router and a 2960 switch. I have multiple VMs connected to physical NICs that connect to the switch.
They are all on VLAN65 and all connect fine and all is merry. I am trying to export traffic traveling over one of the FastEthernet interfaces of the router to the IDS, which is plugged into the switch. The IDS works if it is plugged into the router directly, but I need to have workstations plugged in too, so I need the switch.
I have configured:
ip traffic-export profile IDSTEST
interface fa0/1.65
bidirectional
mac-address xxxx.xxxx.xxxx
I have applied the profile to the interface to monitor (fa0/0).
The IDS gets no alerts at all.
I then tried to create monitoring sessions on the switch but, alas, it doesn't work.
monitor session 1 source interface Fa0/48 (trunk port from router fa0.1/100)
monitor session 1 destination interface Fa0/1 encapsulation replicate (fa0/1 is connected to the Ubuntu box running Suricata)
Can anyone see something I may be missing to get this traffic exported to Suricata?