Channel: General Networking

Port Mirroring on ProCurve Switches for IDS


Okay, so I have a bit of a complicated question.

I need to implement an IDS to monitor internal network traffic. Due to port density and the IDS only having 2 ports, I cannot put the IDS in as an in-line device, so I want to mirror ports from 5 ProCurve switches (3 different models in all). What I would like to do on each switch is mirror all VLAN traffic from specific ports to the mirrored port. There are a few VLANs on each switch. I then want to connect those mirrored ports to another switch that the IDS will be connected to so that it can see traffic from all areas of my network.

Does anyone see an issue with this configuration?

Where I'm getting a little confused is with the VLAN tagging and making sure that traffic from all VLANs is passed through the mirrored/monitored port to the switch where the IDS will be attached. The uplink and trunk ports on the switches are tagged, while all of the other ports are untagged. I am also wondering if the IDS will be able to "see" the traffic from all of the other switches when their mirrored port is connected to this new switch, which will only be used for the IDS monitoring.


Thanks in advance!

