Posted by Vicky on April 4, 2005, 11:51 am
Just wondering if it is possible to use 802.1q aware nic (support vlan
tagging) on a packet filtering box to monitor traffic off multiple vlan
domains as opposed to having SPAN enabled on a switch?
Any pointers will be appreciated.
regards,
/vicky
Posted by Walter Roberson on April 4, 2005, 6:59 pm
:Just wondering if it is possible to use 802.1q aware nic (support vlan
:tagging) on a packet filtering box to monitor traffic off multiple vlan
:domains as opposed to having SPAN enabled on a switch?
Not really.
When you use 802.1Q, you are almost always using switching -- you
are just confining the list of places that might be switched to.
But the switching still occurs.
Thus, if you have vlan #217 going to ports #27 and 31
and if you add vlan #217 to port #47 for the purpose of using
port #47 to monitor traffic over ports #27 and 31, then you run
into the problem that -all- you will get on #47 would be broadcast
and flooded traffic: any traffic that comes in over #27 that the
switch knows the MAC is on #31 is going to go directly to #31 without
a copy of it being copied to #47.
If you want to monitor switched traffic involving multiple ports,
you pretty much have to SPAN (or RSPAN) the traffic.
--
"I want to make sure [a user] can't get through ... an online
experience without hitting a Microsoft ad"
-- Steve Ballmer [Microsoft Chief Executive]
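
Walter's point above as a small simulation, added here as an example and not part of any post in the thread: port 47 placed in VLAN 217 receives only flooded and broadcast frames, while a SPAN destination receives every frame on ports 27 and 31. The `Switch` class, the MAC addresses and the frame list are constructed for illustration, and the model covers only source-MAC learning, flooding and a local SPAN copy.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
A, B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # constructed MACs: A on port 27, B on port 31

class Switch:
    """Toy VLAN-aware learning switch (constructed model, not vendor code)."""
    def __init__(self, vlan_ports, span_src=(), span_dst=None):
        self.vlan_ports = vlan_ports          # vlan id -> set of member ports
        self.mac_table = {}                   # (vlan, mac) -> port, learned from source MACs
        self.span_src, self.span_dst = set(span_src), span_dst

    def forward(self, in_port, vlan, src, dst):
        """Return the set of ports that get a copy of the frame."""
        self.mac_table[(vlan, src)] = in_port
        members = self.vlan_ports[vlan] - {in_port}
        known = self.mac_table.get((vlan, dst))
        if dst == BROADCAST or known is None:
            out = set(members)                # broadcast or unknown unicast: flood the VLAN
        else:
            out = {known} & members           # known unicast: delivered to one port only
        if self.span_dst is not None and (in_port in self.span_src or out & self.span_src):
            out.add(self.span_dst)            # SPAN: mirror rx/tx of the source ports
        return out

# Constructed traffic on VLAN 217: (ingress port, vlan, src MAC, dst MAC)
FRAMES = [
    (27, 217, A, B),          # B not learned yet, so the frame is flooded
    (31, 217, B, A),          # known unicast
    (27, 217, A, B),          # known unicast
    (27, 217, A, BROADCAST),  # broadcast
]

def seen_by(switch, port, frames):
    """Indices of the frames that reach `port`."""
    return [i for i, f in enumerate(frames) if port in switch.forward(*f)]

if __name__ == "__main__":
    member = Switch({217: {27, 31, 47}})                     # port 47 simply added to VLAN 217
    span = Switch({217: {27, 31}}, span_src={27, 31}, span_dst=47)
    print("port 47 as VLAN member:", seen_by(member, 47, FRAMES))
    print("port 47 as SPAN dest:  ", seen_by(span, 47, FRAMES))
```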
Posted by Vicky on April 4, 2005, 1:04 pm
hmm..I thought since 802.1q nic is running in trunk mode and I even
have promiscuous mode enabled on the nic, I should be able to sniff
traffic from these vlans?
regards,
/vicky
Posted by Brad on April 4, 2005, 1:10 pm
Posted by stephen on April 6, 2005, 9:43 pm