Re: Monitor multiple VLANs

[Chris Green <cmg () sourcefire com>]

*wave to montevallo.edu* (originally from Birmingham.. )

Snort by default just strips off the vlan headers and decodes the
packets as if there were no vlans.  You will only run into troubles
with using the CISCO-specific trunking protocols (ISL)... but having
multiple VLANs won't be a problem.


"Martin Jr., D. Michael" <martinm () montevallo edu> writes:

> I was wondering if anyone out there has been successful in configuring
> Snort to monitor traffic on multiple VLANs.  If so, how did you
> accomplish this?  We are basically a "Cisco-shop" and are thinking of
> segmenting our residence halls (and other areas) into separate VLANs for
> security and virus propagation defense.  However, we would like to
> configure our Snort box (Windows 2000) to actually be able to see and
> "sniff" the traffic on all of the VLANs.
>
> Any suggestions?
>
> Thanks,
>
> Michael Martin
> University of Montevallo
-- 
Chris Green <cmg () sourcefire com>
Eschew obfuscation.


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users