Firewall Wizards mailing list archives
Re: Shomiti Taps, Cisco Port Mirroring and IDS
From: Don Ng <sayhockng () yahoo com>
Date: Sun, 6 Jan 2002 00:10:33 -0800 (PST)
Hello John,

the following case is where the firewall is connected directly to the external router. So there were no switches that could be used to carry out Spanning. So I was looking at how to use taps.

The only reason to use taps instead of hubs is to ensure that when there is a power failure, the normal traffic can still pass through. Though I could get a UPS for the HUB :)

Thanks
Don

--- John Adams <jna () retina net> wrote:
> I don't understand why you would ever need one of these devices if you
> have the two switches on a VLAN and you have a span port enabled.
>
> On the other hand, if you think you need another hub, perhaps you could
> use two crossover cables in and out of the tap?
>
> -john
>
> On Thu, 3 Jan 2002, Don Ng wrote:
>> Hello all,
>>
>> just need some assistance on the issue of Shomiti taps. I have spoken
>> to the vendors but they had to check ...
>>
>> I am looking at their Century taps that come with 4 ports. Two ports
>> are used to place the device inline with the segment to be monitored.
>>
>> Original
>> Router-----Firewall
>>
>> After
>> Router----<P 1> Century TAP <Port 2>---Firewall
>>                   |       |
>>                 <P 3>   <P 4>
>>
>> The vendors advised me that for the other 2 ports, I was told that each
>> port mirrored out one direction flow. Eg. Router ---> Firewall for
>> Port 3 and Firewall ---> Router for Port 4.
>>
>> From the looks of things I would have to connect both Port 3 and 4 to
>> another Hub and plugging a network IDS into that hub.
>>
>> Router----<P 1> Century TAP <Port 2>---Firewall
>>                   |       |
>>                 <P 3>   <P 4>
>>                   |       |
>>                      HUB
>>                       |----NID-200
>>
>> Is this the optimal way to put an inline tap?
>>
>> Cisco port mirroring seems to work fine mirroring multiple ports to a
>> single port connected to an IDS. Glad for any help and comments.
>>
>> =====
>> A Nobel Peace Prize for Jim Henson, He bought laughter to a lot of people.
>> PS: I work in www.Quantiqint.com so comments regarding CyberGuard FW,
>> NFR Security, Network-1, might be judged to be biased.
>
> --
> J. Adams http://www.retina.net/~jna
> I'm not offended by the things that you say, 'cause it's such a
> predictable way to wreak havoc / Talk. I need something to agree with
> at first / You were right / I was wrong / Now does that make you
> happy? --Lush
Current thread:
- Shomiti Taps, Cisco Port Mirroring and IDS Don Ng (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Paul Cardon (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Ryan Russell (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Paul Cardon (Jan 06)
- RE: Shomiti Taps, Cisco Port Mirroring and IDS franks (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Ryan Russell (Jan 04)
- RE: Shomiti Taps, Cisco Port Mirroring and IDS franks (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Roelof JT Jonkman (Jan 04)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS John Adams (Jan 05)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Don Ng (Jan 06)
- Re: Shomiti Taps, Cisco Port Mirroring and IDS Paul Cardon (Jan 04)