I'm trying to deploy a Snort box in my LAN. I have a Linksys SRW248G4 and trying to configure Port mirroring so that Snort can listen everything on the network in promiscuous mode.
So in ADMIN / Port Mirroring, I have 3 things:
- Source Port (e1,…e48, g1…g4)
- Type (Rx, Tx, Both)
- Target (e1…e48, g1…g4)
Last time I played with it, I killed all traffic on the switch, I had to reboot it several times… so now I'm asking question before:
Do I need to configure each Source Port (from 1 to 48) to forward to the single promiscuous port ? 48 rules !? Is that correct ?
Thanks !
Best Answer
According to this cisco page for that switch,
You may be ok if you just set the source port as the port that uplinks to your router, since this will get you everything coming and going from your network.
When you say that you killed the switch last time you played with it, do you know what happened? I'd recommend understanding what you did wrong before playing with it again, otherwise you are likely to get the same results.