RE: Configuring Cisco switches...

[Erek Adams <erek () theadamsfamily net>]

On Fri, 21 Sep 2001, Bryan Childs wrote:

> Ok - after talking to my net admin chappy - he has another question, and I
> quote :
>
> "it would be better to ask of the best way to set up an ethernet network to
> optimise your chances of capturing information whilst maintaining high
> performance switched networks"
>
> and he said to ignore any smart arses that suggested going back to using
> hubs :)
>
> Well ?

Well, I can't say 'Use a Hub' so...  I'll say use a tap.

> Anyone got any good advice on this...
>
> On the face of it - turning on the port mirroring on the switch sounds like
> it will do the job - but will anything suffer noticeably after we've done
> it? (Apart from the snort box, we're expecting that!)

OK, serious answer here (Yeah, I know, it's not like me...  :) :  Depending on
the switch processor and backplane is the main factor in losing network
performance.  If you switch is a billy-bad-ass 6509, for example, and you only
have 5mb of traffic, then you'll be fine.  If it's a 2924 and you're pushing
70mbs, you might have issues.

If you want to skip the switch, you could use a Shomiti Tap for it.  Shomiti
just got aquired or name changed to Finisar Systems...  You can find them
here: http://www.finisar-systems.com/products/taps_and_splitters.html  The
cost is a bit high, but cheaper than a new switch if that's not an option.

Now, see why a hub is just simpler?  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users