Switched Network Woes - Update

["Joe Pampel" <joe () ardsley com>]

Just a quick update for everyone who helped out or read my FW cluster problem a few weeks back..

briefly I went from 1 FW to 2 (rainwall cluster) and from 2 if to 4, and soon to be 6 or 8.. and I was not sure how I 
could keep tabs on the net w/o using n+1 NIC cards.. (a drag to build, and a waste of datacenter patch bays IMHO..) 

The clean fix was to upgrade the FW & SW rev on the switches (Bay 450's) - the latest code allows sniffing <-->Port X 
and <--> Port Y  from a user specified monitor port.. so I can watch a pair of firewall nics per switch (or logical 
switch) with one Snorting NIC.. I didn't realize we were on a super old rev of code at the time I posted.. live and 
learn!  Nice part is the 450 code is all free on Nortel's site. 
Get tftpd32 (download.com has it)  and then DL the firmware and OS image files from Nortel. 
Do the FW file FIRST. Both files have the same name, FW ends in '1', OS ends in '2'.. to remind you of the order! If 
you do the OS first, you'll have to RMA the switch per Nortel support..  (I didn't try to verify this independently! 
But they were nice enough to give me a leg up despite not having switch support..) also if going from a sub 2.0 rev to 
a higher one, put 2.0 on first and then go from 2 to whatever.. basically it's like tftp-ing anything else.. pretty 
painless in my experience.. just make sure the switch is out of production since it will reload after each update, and 
may lose its IP address. 

Big lesson is Never Assume.. (like assuming your switch code was written this century!) Someday I'll learn that one. 
;-) 

Hope this helps someone. 

- Joe


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users