nanog mailing list archives

Re: Legal intercept - 3550


From: Stefan Baltus <stefan.baltus () xbn nl>
Date: Wed, 11 Aug 2004 21:04:44 +0200


Thanks for all the replies. The best solution was by Boyan Krosnov who
suggested the following:

Configure the GE port where the traffic comes in from the fiber tap in a
separate new vlan A, access mode.
Configure fastethernet X to be in access mode for vlan A.
Configure a static mac entry for vlan A pointing the destination mac
address of the router where the traffic heads to to fastethernet X. 
Connect your sniffer on Fastethernet X. 
-- at this stage all traffic going to that router will be dumped to the
sniffer. Not precisely what you want. 
-- now comes the trick 
Configure a VLAN access-map
http://www.cisco.com/en/US/products/hw/switches/ps646/products_command_reference_chapter09186a008021145c.html
  ip access-list ext acl1
    permit ip host x.x.x.x any
    permit ip any host x.x.x.x
  vlan access-map alabala
   match ip address acl1 
   action forward
  vlan filter alabala vlan-list A

This works for my case. Boyan: thanks a lot.

Stefan

On Wed, Aug 11, 2004 at 04:37:24PM +0200, Stefan Baltus wrote:

Hi,

We have a situation where we need to intercept certain IP traffic
that is somewhere within a link of 300Mbit/s of traffic (GigabitEthernet).
The setup that we built is as follows:

router 
  ^
  | GE
  | 
fiber tap -------> cisco catalyst 3550
  |
  | GE
  v
switch


The catalyst 3350 is receiving the traffic from router to switch
and vice versa. Now, we'd like to filter all but certain IPs on the
3350 and switch this traffic to a FE port on that same 3550. Currently
we've put the FE interface in SPAN mode, but that fills up the
FE port completely (obviously). Is there any way to accomplish this?

Regards,

Stefan 

-- 
Stefan Baltus <stefan.baltus () xbn nl>        XB Networks B.V. 
Manager Engineering                         Televisieweg 2
telefoon: +31 36 5462400                    1322 AC  Almere
fax: +31 36 5462424                         The Netherlands
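
The steps described in the reply, written out as one consolidated configuration. This is an added example, not taken from the original posts: the VLAN number, interface names, MAC address and host address are constructed placeholders, and the command forms assume Catalyst 3550 IOS syntax.

```cisco
! Constructed placeholders: VLAN 900 = "vlan A", Gi0/1 = tap-facing port,
! Fa0/24 = "fastethernet X", 0000.5e00.5301 = router MAC, 192.0.2.10 = x.x.x.x
vlan 900
 name TAP-CAPTURE
!
interface GigabitEthernet0/1
 description feed from fiber tap
 switchport mode access
 switchport access vlan 900
!
interface FastEthernet0/24
 description sniffer
 switchport mode access
 switchport access vlan 900
!
! Pin the router's MAC to the sniffer port so frames addressed to it
! leave on Fa0/24
mac-address-table static 0000.5e00.5301 vlan 900 interface FastEthernet0/24
!
ip access-list extended acl1
 permit ip host 192.0.2.10 any
 permit ip any host 192.0.2.10
!
! IP packets matching acl1 are forwarded; IP packets that match no entry
! of the map are dropped by the VLAN map's default action
vlan access-map alabala 10
 match ip address acl1
 action forward
!
vlan filter alabala vlan-list 900
```

Because the map has no MAC match clause, non-IP frames in the VLAN are still forwarded to the sniffer port. `show vlan access-map`, `show vlan filter` and `show mac-address-table static` confirm that the map, the filter and the static entry are in place.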
