Re: Cisco 5000 span port problem - Gigabit/100mb

["David Chait" <davidc () bonair stanford edu>]

Mike,
    I am currently spanning a 5505 (10/100 and 100fx) without an issue.
Basically instead of specifying ports to span, I stuck them all in 1 vlan,
then spannned the vlan to 1 10/100 port for snort.

Cheers,
David

----- Original Message -----
From: "Mike Shaw" <mshaw () wwisp com>
To: <snort-users () lists sourceforge net>
Sent: Friday, December 14, 2001 1:25 PM
Subject: [Snort-users] Cisco 5000 span port problem - Gigabit/100mb


> Has anyone else observed that on a Cisco 5500 series switch, a span port
> monitoring will not include packets from a different topology?
>
> In other words, if you span on a 100 mbit card, you'll be able to observe
> all collision domain traffic, but only for hosts that have a 100 mbit
> card.  And if you span on a gigabit card, you can only observe all gigabit
> hosts in your collision domain--but *only* gigabit hosts.  I didn't see
> this in the Cisco docs (although that doesn't mean it isn't there).
>
> Has anyone else seen this?  If you haven't, and you have the same layout,
> you might want to check to be sure you're observing all the packets you
> think you are...
>
> -Mike
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users