802.1q for packet filtering

comp.dcom.sys.cisco
Posted by Vicky on April 4, 2005, 11:51 am
Just wondering if it is possible to use an 802.1q-aware NIC (supporting VLAN
tagging) on a packet filtering box to monitor traffic off multiple VLAN
domains, as opposed to having SPAN enabled on a switch?

Any pointers will be appreciated.


regards,
/vicky



Posted by Walter Roberson on April 4, 2005, 6:59 pm
:Just wondering if it is possible to use an 802.1q-aware NIC (supporting VLAN
:tagging) on a packet filtering box to monitor traffic off multiple VLAN
:domains, as opposed to having SPAN enabled on a switch?

Not really.

When you use 802.1Q, you are almost always using switching -- you
are just confining the list of places that might be switched to.
But the switching still occurs.

Thus, if you have vlan #217 going to ports #27 and 31
and if you add vlan #217 to port #47 for the purpose of using
port #47 to monitor traffic over ports #27 and 31, then you run
into the problem that -all- you will get on #47 would be broadcast
and flooded traffic: any traffic that comes in over #27 that the
switch knows the MAC is on #31 is going to go directly to #31 without
a copy of it being copied to #47.

If you want to monitor switched traffic involving multiple ports,
you pretty much have to SPAN (or RSPAN) the traffic.
--
"I want to make sure [a user] can't get through ... an online
experience without hitting a Microsoft ad"
-- Steve Ballmer [Microsoft Chief Executive]
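
The forwarding behaviour described in the reply above, as an added example that is not part of the original posts: a minimal learning-switch model comparing what port 47 receives as an ordinary member of VLAN 217 with what it receives as a SPAN destination for ports 27 and 31. The MAC addresses, frame labels and the simplified SPAN rule are constructed for illustration.

```python
# Added illustration: a minimal learning switch. Port, VLAN and MAC values are constructed.
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, vlan_ports, span_sources=(), span_dest=None):
        self.vlan_ports = vlan_ports           # vlan id -> set of member ports
        self.mac_table = {}                    # (vlan, mac) -> port learned from source addresses
        self.span_sources = set(span_sources)  # ports whose traffic is mirrored
        self.span_dest = span_dest             # port receiving the mirrored copies
        self.seen = defaultdict(list)          # port -> labels of frames delivered to it

    def receive(self, in_port, vlan, src, dst, label):
        self.mac_table[(vlan, src)] = in_port  # learn where the sender lives
        members = self.vlan_ports[vlan] - {in_port}
        known = self.mac_table.get((vlan, dst))
        if dst == BROADCAST or known is None:
            out = members                      # broadcast or unknown unicast: flood the VLAN
        else:
            out = {known} & members            # known unicast: one egress port only
        for port in out:
            self.seen[port].append(label)
        # Simplified SPAN: copy frames entering or leaving a source port to the destination
        if self.span_dest is not None and ({in_port} | out) & self.span_sources:
            self.seen[self.span_dest].append(label)

def run(switch):
    a, b = "00:00:00:00:00:27", "00:00:00:00:00:31"       # constructed host MACs
    switch.receive(27, 217, a, BROADCAST, "arp-request")  # broadcast, flooded to the VLAN
    switch.receive(31, 217, b, a, "arp-reply")            # a is already learned: unicast to 27
    switch.receive(27, 217, a, b, "data-1")               # b is already learned: unicast to 31
    switch.receive(31, 217, b, a, "data-2")
    return switch.seen[47]

def vlan_member_view():
    # Port 47 is simply added to VLAN 217, e.g. a sniffer NIC on a trunk carrying it
    return run(Switch({217: {27, 31, 47}}))

def span_view():
    # Port 47 is a SPAN destination for ports 27 and 31 and not a VLAN member
    return run(Switch({217: {27, 31}}, span_sources={27, 31}, span_dest=47))

if __name__ == "__main__":
    print("VLAN member on 47:", vlan_member_view())
    print("SPAN destination 47:", span_view())
```

Promiscuous mode on the sniffer only affects which delivered frames the NIC accepts; in this model the unicast frames between ports 27 and 31 are never delivered to port 47 unless it is a SPAN destination.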


Posted by Vicky on April 4, 2005, 1:04 pm
hmm..I thought since 802.1q nic is running in trunk mode and I even
have promiscuous mode enabled on the nic, I should be able to sniff
traffic from these vlans?



regards,
/vicky



Posted by Brad on April 4, 2005, 1:10 pm


Posted by stephen on April 6, 2005, 9:43 pm

