Re: [fw-wiz] Forwarding traffic to an active IDS/Firewall

From: Aaron Smith (smitha_at_byui.edu)
Date: 07/21/05

  • Next message: Dbdataplus_at_aol.com: "[fw-wiz] unsubscribe"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 21 Jul 2005 15:49:13 -0600
    
    

    On Wed, 2005-07-13 at 18:39 -0300, Vinicius Pavanelli Vianna wrote:
    > Hi all,
    >
    > Anyone knows how I can forward all traffic the came to a Cisco Catalyst
    > swith to an gateway to do some IDS/Firewall/Traffic Shape?
    > In ipfw (freebsd) this would be done by an "fwd" rule to forward all
    > packets to an forced gateway, this can be done in an cisco device or i
    > need to emulate all the valid IPs on the switch and use a VLAN with the
    > servers so the IDS receive the packets and forward to the internal VLAN,
    > this would be a little harmful ;)
    >
    > TIA,
    > Vinicius

    It sounds to me like you are wanting to do a port SPAN. A SPAN will
    forward all [1] traffic from one port to another for analysis, making it
    appear that both switched ports are in the same collision domain.
    Cisco's site has documentation for CatOS and IOS on configuring SPANs,
    but from memory it's goes something like this in IOS:
    (conf t) monitor session 1 source interface blah blah
    (conf t) monitor session 1 destination interface blah blah

    In CatOS it's something like "set port span" or "set span", I don't
    fully recall. I hope this is enough to get you started :~)

    [1] almost all--some error packets get dropped. Thanks a lot, cisco :~\

    _________________________________

    @@ron Smith <smitha@byui.edu>
    Network Operations
    Brigham Young University Idaho

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Dbdataplus_at_aol.com: "[fw-wiz] unsubscribe"