Snort mailing list archives
Re: Snort-users digest, Vol 1 #4458 - 10 msgs
From: SN ORT <snort_on_acid () yahoo com>
Date: Fri, 13 Aug 2004 09:41:28 -0700 (PDT)
OMG I got STP and VTP confused...it's been too long. Thanks for the correction. I still have never seen performance issues with 5500 and being a Cisco engineer in the past, I've done a lot of them. Besides, I don't believe that's even the issue. Of course, you could start to develop port mirroring issues if you span too many of them...

Cheese!
Marc
--__--__--

Message: 1
Date: Thu, 12 Aug 2004 21:35:59 -0700
From: "Michael J. Pelletier" <mjpelletier () mjpelletier com>
To: snort-users () lists sourceforge net
Cc: Hey () wsip-24-234-113-78 lv lv cox net, man () wsip-24-234-113-78 lv lv cox net, don't () wsip-24-234-113-78 lv lv cox net, be () wsip-24-234-113-78 lv lv cox net, dis'ing () wsip-24-234-113-78 lv lv cox net, my () wsip-24-234-113-78 lv lv cox net, net () wsip-24-234-113-78 lv lv cox net, engineers!@wsip-24-234-113-78.lv.lv.cox.net
Subject: [Snort-users] Re: Snort on span port

Hey man don't be dis'ing my net engineers! J/K.

Ok, so if I remember correctly, root-bridges are like only for vlan trunking protocol and elections and what-not of switches that will act as root bridges.

Root Bridges are used for SPANNING TREE! You can run VLAN trunks with SPANNING TREE. With SPANNING TREE each bridge will calculate its distance from the root bridge to itself. This cost is used to determine the shortest path cost to the root bridge. Although ROOT BRIDGES are used with SPANNING TREE and VLANS can use SPANNING TREE they are not the same.

All they do is keep track of vlans.

Not true. Root bridges help determine path cost between bridges.

Not sure what this has to do with port spanning/monitoring. Your engineers should be spanning at the physical layer and not the vlan layer.

Actually you can do both if your IDS understands VLAN trunking.

They should be spanning the physical ports that the vlans are trunked on and connected to each other. Nevermind the gibberish about Cisco switches not keeping up with spanning...hogwash!

Dude, Sorry but the Cisco 5500 series is known for this. Newer, ie 6500, etc are much, much better. Ask any Cisco engineer or someone, like me, that has used them for years. In private the Cisco Engineer will tell you.

You assign vlans and trunks to ports, all the engineers need to worry about are physically spanning those ports to your ports.

IOW, let's say my trunk port is port one on one of the switches. The port is either part of the backbone or at least connects to the other switches. Now let's say your IDS is connected to port two. All the engineer has to do is get on the switch, go to port 2 and type in "port monitor fa0/1"

Then you'd be set!

Cheese!
Marc
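Added example (not from the thread and not Snort's code): the remark above that a sensor can watch a spanned trunk port only if it understands VLAN trunking, shown as a small Python decoder that walks 802.1Q tags before reading the IPv4 header. The function names are hypothetical, and the frames, MAC addresses and IP addresses are constructed samples.

```python
import struct

TPID_8021Q = 0x8100    # IEEE 802.1Q VLAN tag
TPID_8021AD = 0x88A8   # IEEE 802.1ad (QinQ) outer tag
ETHERTYPE_IPV4 = 0x0800


def decode_ethernet(frame: bytes):
    """Return (vlan_ids, ethertype, payload_offset), walking stacked VLAN tags."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    vlan_ids, offset = [], 12            # skip destination + source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        vlan_ids.append(tci & 0x0FFF)    # low 12 bits of the TCI are the VLAN ID
        offset += 4                      # each tag pushes the L3 header 4 bytes out
    return vlan_ids, ethertype, offset


def ipv4_src_dst(frame: bytes):
    """Return (vlan_ids, src, dst) for an IPv4 frame, tagged or untagged."""
    vlan_ids, ethertype, off = decode_ethernet(frame)
    if ethertype != ETHERTYPE_IPV4 or len(frame) < off + 20:
        return vlan_ids, None, None
    src, dst = frame[off + 12:off + 16], frame[off + 16:off + 20]
    return vlan_ids, ".".join(map(str, src)), ".".join(map(str, dst))


# Constructed sample frames (not captured traffic); IP checksum left as 0.
MACS = bytes.fromhex("00005e005301" "00005e005302")
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
UNTAGGED = MACS + struct.pack("!H", 0x0800) + IP_HDR                # access-port span
TAGGED = MACS + struct.pack("!HHH", 0x8100, (5 << 13) | 42, 0x0800) + IP_HDR  # trunk span
QINQ = MACS + struct.pack("!HHHHH", 0x88A8, 100, 0x8100, 42, 0x0800) + IP_HDR

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED), ("qinq", QINQ)):
        print(name, ipv4_src_dst(frame))
```

A decoder that assumes the IP header always starts at byte 14 reads the EtherType of `TAGGED` as 0x8100 and never reaches the IPv4 header, which is how a sensor on a trunk span can silently miss traffic.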