In this chapter, you learned that you must configure switches in various ways to send traffic to a sensor's monitoring port for IDS analysis. Traffic can be captured by port, direction (ingress or egress), VLAN membership, or conditions matching an ACL. We learned that SPAN and RSPAN are Cisco features that allow traffic to be captured for IDS analysis. For the Catalyst 6500 switches, you can capture traffic using VLAN or IOS ACLs. You can control VLAN traffic to be captured on a 6500 switch by using the clear trunk and set trunk commands.
