Re: Switch port Mirror on a Cat5500 [7:4240]

2001-05-11 Thread Carroll Kong

At 08:21 PM 5/11/01 -0400, Keith Woodworth wrote:
>Want to put a computer on a cat5500 so as to be able to sniff traffic on
>all ports.
>
>We have multiple Vlans on this switch. Basically I have a program called
>Snort running on a unix box plugged into a faste port on the cat5500.
>
>I want to be able to detect portscans etc over everything that we have on
>that switch.
>
>From what I've read I can mirror a port on a switched network to be able to
>do this. Is this correct?
>
>Thanks,
>Keith

Sure, these ports are called SPAN ports.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_2/_config/span.htm

You can span VLANs, and I thought you can span the entire switch, but I 
guess I am wrong or am not reading it carefully enough.  Hope this helps.



-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4246&t=4240
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Switch port Mirror on a Cat5500 [7:4240]

2001-05-11 Thread Dwayne Saunders

You can use the set span command to monitor all FE ports.

D'Wayne Saunders
Senior MIS Operator, CCNA



-Original Message-
From: Keith Woodworth [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 12 May 2001 9:51
To: [EMAIL PROTECTED]
Subject: Switch port Mirror on a Cat5500 [7:4240]


Want to put a computer on a cat5500 so as to be able to sniff traffic on
all ports.

We have multiple Vlans on this switch. Basically I have a program called
Snort running on a unix box plugged into a faste port on the cat5500.

I want to be able to detect portscans etc over everything that we have on
that switch.

From what I've read I can mirror a port on a switched network to be able to
do this. Is this correct?

Thanks,
Keith




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4248&t=4240



Re: Switch port Mirror on a Cat5500 [7:4240]

2001-05-11 Thread Keith Woodworth

On Fri, 11 May 2001, Carroll Kong wrote:

|+At 08:21 PM 5/11/01 -0400, Keith Woodworth wrote:
|+>From what I've read I can mirror a port on a switched network to be able to
|+>do this. Is this correct?
|+>
|+>Thanks,
|+>Keith
|+
|+Sure, these ports are called SPAN ports.
|+
|+http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_2/_config/span.htm
|+
|+You can span VLANs, and I thought you can span the entire switch, but I 
|+guess I am wrong or am not reading it carefully enough.  Hope this helps.

I started going through the console right after I posted that and came up
with span as well and went through CCO on this:

http://www.cisco.com/warp/public/473/41.html#arch5000

But it looks like you are correct about not being able to monitor the
entire switch, just Vlans or other ports individually. 

With the way span works (if I'm reading it correctly) and we have 9
blades in our Cat I might be able to do this:

set span 3/1-48,4/1-48,5/1-48,6/1-48,7/1-48,8/1-48,9/1-48,10/1-12,11/1-12 10/2

and that should in theory monitor everything on the switch and send
everything to port 10/2 but it seems like a hell of a lot to do. Not
something I'm going to try at this point anyway.

Thanks though.
Keith




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4249&t=4240



RE: Switch port Mirror on a Cat5500 [7:4240]

2001-05-11 Thread Keith Woodworth

On Sat, 12 May 2001, Dwayne Saunders wrote:

|+you can use the set span command to monitor all fe ports
|+
|+D'Wayne Saunders
|+Senior MIS Operator, CCNA

I've looked at that but we have 48 port WS-X5012A blades in this switch as
well. I don't want to just monitor the FE ports but the *whole* switch.

Keith




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4250&t=4240