span and stacking switch and MSFC
From: Chiara Sambi (Sambi@ictc.it)
Date: 11/29/02
- Previous message: Bennett Todd: "Re: IDS using Taps & network bridging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Chiara Sambi <Sambi@ictc.it> To: "'FOCUS-IDS@SECURITYFOCUS.COM'" <FOCUS-IDS@SECURITYFOCUS.COM> Date: Fri, 29 Nov 2002 15:06:45 +0100
I have 2 switch Cisco 3548 in stack and i need to analyze the traffic that
they sent to and receive from a management VLAN of an IDC that is I need to
monitor a port as SPAN port, to put an IDS sensor. I wonder if i can put
only one SPAN port to analyze ALL the traffic passing through the 2 switches
or i need 2 SPAN ports, one for each switch. And what about RSPAN?
And moreover I have read that on the switch Catalyst 6000 it is possible to
use port 15/1 (or 16/1) as a SPAN source that will allow it to monitor
traffic forwarded to the Multilayer Switch Feature Card (MSFC). So I'd like
to know if i can use this port as source SPAN port for 2 different SPAN
sessions, one for traffic TO the MSFC and one for the traffic FROM the MSFC,
with 2 different SPAN destination ports. Is this a promiscuos port?
All what u can tell me will be appreciated
-----------------------------------
Dott.sa Chiara Sambi
Consultant
ICT consulting
20140 Milano
via Vittor Pisani 22
tel: +39 02 67642249
fax: +39 02 67642243
e-mail: sambi@ictc.it
- Next message: Bob Walder: "Gigabit IDs report"
- Previous message: Bennett Todd: "Re: IDS using Taps & network bridging"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
