nanog mailing list archives
Re: Legal intercept - 3550
From: Scott Stursa <stursa () mailer fsu edu>
Date: Wed, 11 Aug 2004 13:37:51 -0400 (EDT)
On Wed, 11 Aug 2004, Stefan Baltus wrote:
> The Catalyst 3350 is receiving the traffic from router to switch and vice versa.
Can we assume the 3550 port attached to the tap is GE?
> Now, we'd like to filter all but certain IPs on the 3350 and switch this traffic to a FE port on that same 3550. Currently we've put the FE interface in SPAN mode, but that fills up the FE port completely (obviously). Is there any way to accomplish this?
It might be possible to assign a VLAN to the 3550 port and set up a VACL (VLAN ACL) to filter, capture, and direct the data to another 3550 port. I did this two years ago while evaluating an IDS blade in a 6500 chassis, and wanted to reduce the number of false positives. In that case the output was directed to the IDS module, but it may be possible to direct it to a physical port.

I haven't messed with VACLs since then, and thus cannot provide specific syntax for doing this, so I'd suggest you go to www.cisco.com and search on:

    vacl ids

Good luck,

- SLS

-------------------------------------------------------------------------
Scott L. Stursa 850/645-2397
Network Security Assessment stursa () mailer fsu edu
User Services/Office of Technology Integration
Florida State University

The Internet? Yeah, I remember that. Well, all I can say is that it seemed like a good idea at the time...
- Any Number of People, circa 2020