Snort mailing list archives

RE: One sensor for three switches


From: "Ross Sweetzir" <ross () sweetzir com>
Date: Thu, 29 Jul 2004 07:55:40 -0600

You could create a monitoring VLAN on one switch, plug your monitoring
interfaces into this VLAN, and then use a 100Bt or, better yet, a 1000Bt
NIC and GBIC to monitor all traffic on that VLAN. Then you would only
need one NIC in your snort box.
If you need more help on the switch configuration, let me know. This
configuration does eat switch ports, but if you have them spare it might
be easier to manage than multiple NICs.
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Carlton L.
Whitmore
Sent: Wednesday, July 28, 2004 3:48 PM
To: Kreimendahl, Chad J; snort-users () lists sourceforge net
Subject: RE: [Snort-users] One sensor for three switches
 
Do I need to relaunch snort to get it to recognize the other NIC cards?
 
 
  _____  

From: Kreimendahl, Chad J [mailto:Chad.Kreimendahl () umb com] 
Sent: Thursday, July 22, 2004 9:40 AM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] One sensor for three switches
 
Dual or quad interface NIC card... or just additional NIC cards if
they'll fit.
 
  _____  

From: Carlton L. Whitmore [mailto:cwhitmore () Advocacyinc org] 
Sent: Wednesday, July 21, 2004 2:32 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] One sensor for three switches

I have port 3 on my Catalyst 2950 switches monitoring the ports on each
switch. Is there a way to have one port monitor the traffic on other
switches?
I really don't want to set up a sensor for every switch.
Carlton.
 