Home > Articles > Cisco Network Technology > General Networking > Capturing Network Traffic for the Catalyst 6000 IDS Module

Capturing Network Traffic for the Catalyst 6000 IDS Module

Contents

  1. SPAN Port Feature
  2. VACL Feature
  3. Summary

Article Description

Cisco IDS incorporates intrusion-detection capability directly into your infrastructure through the Catalyst 6000 Intrusion Detection System (IDS) Module. Using multiple IDS Modules in a single catalyst 6000 family switch enables you to process multiple 100MB traffic streams, as discussed in this article by Earl Carter.

Summary

With the addition of the Catalyst 6000 IDS Module, you can integrate your Cisco IDS directly into your network's infrastructure. This line card sensor can then very effectively monitor your network traffic for intrusive activity by examining traffic directly from the switch's backplane. To enable this line card to receive network traffic for analysis, you must actually configure your Catalyst 6000 family switch to pass traffic to the Catalyst 6000 IDS Module's monitoring port. Your two options for capturing network traffic are:

  • Switched Port Analyzer (SPAN) ports
  • Virtual LAN (VLAN) access control lists (ACL) or VACLs

Of these two options, VACLs provide you with a much more robust capability to specify the type of traffic that you want to capture for analysis by the Catalyst 6000 IDS Module.