[rescue] Re: Jeez!!! Are ethernet taps are a racket business?

Gavin Hubbard ghub005 at xtra.co.nz
Thu Jul 31 05:08:14 CDT 2003


>Actually, after checking out the cisco docs, it looks like I can create
>multiple span ports.  If I pick up a used 2924 for about $600 I could do
>something like:
>
>1. Split the switch up into 3 vlans.
>2. Use one port as a span port for each vlan.
>3. Connect each span port (3) to a nic in the ids.
>
>This carries the added benefit of cleaning up the architecture really
>nicely.  I could set up the ports as follows:
>
>ports  |   vlan  |   desc
>------------------------------------------------------
>1-3    |   wan   |   ids, router, sdsl
>4-8    |   dmz   |   ids, router, wireless, mail, www
>9-24   |   lan   |   ids, router, hosts(14)
>
>Ports 3,8,24 would be span ports for the respective vlans.
>
>Simple, clean, I like it.
>
>Am I missing something or is this my answer?


This will work fine; I use a similar setup myself to record the traffic through my console server (though I have a 2950T rather than a 2924). The only thing to watch is that should the total traffic on each vlan exceed 100Mbps, your spanned port will drop the excess traffic. I doubt this will be an issue on your WAN or DMZ vlan, but the 'lan' vlan will almost certainly spike every so often.

Regards,

Gavin
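
An added example, not part of the original message: a check for the drop condition described in the reply, run over periodic per-port octet counter readings to find intervals where a vlan's traffic exceeds what its 100Mbps span port can carry. The port lists come from the table in the quoted message; the 32-bit counters, the sample readings, and the approximation that mirrored load equals the summed ingress rate of the vlan's source ports are assumptions.

```python
"""Flag sample intervals where a vlan's mirrored load exceeds the span port's line rate."""

SPAN_CAPACITY_BPS = 100_000_000  # 100Mbps destination port, per the reply above
COUNTER_MOD = 2 ** 32            # assumption: 32-bit ingress octet counters

# Source ports per vlan, from the quoted table (span ports 3, 8 and 24 excluded).
VLAN_PORTS = {
    "wan": [1, 2],
    "dmz": [4, 5, 6, 7],
    "lan": list(range(9, 24)),
}


def delta(prev, cur):
    """Octets received between two readings, tolerating one counter wrap."""
    return (cur - prev) % COUNTER_MOD


def oversubscribed(samples, ports, capacity_bps=SPAN_CAPACITY_BPS):
    """samples: [(timestamp_seconds, {port: in_octets})] in time order.

    Returns [(t_start, t_end, bps)] for every interval in which the summed
    ingress rate of `ports` is more than the span port can transmit.
    """
    hits = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        octets = sum(delta(c0[p], c1[p]) for p in ports)
        bps = octets * 8 / (t1 - t0)
        if bps > capacity_bps:
            hits.append((t0, t1, bps))
    return hits


# Constructed readings for the 'lan' vlan, 10 seconds apart. Port 9's counter
# wraps past 2**32 in the second interval, which a naive subtraction would
# turn into a negative rate and miss.
_idle = {p: 0 for p in VLAN_PORTS["lan"]}
SAMPLES = [
    (0,  {**_idle, 9: 4_200_000_000}),
    (10, {**_idle, 9: 4_250_000_000, 10: 25_000_000}),  # 40 + 20 = 60 Mbps
    (20, {**_idle, 9: 55_032_704, 10: 75_000_000}),     # 80 + 40 = 120 Mbps
]

if __name__ == "__main__":
    for t0, t1, bps in oversubscribed(SAMPLES, VLAN_PORTS["lan"]):
        print(f"lan: {bps / 1e6:.0f} Mbps offered to span port between t={t0}s and t={t1}s")
```

At 100Mbps a 32-bit octet counter wraps in under six minutes, so the polling interval has to stay shorter than that for the wrap handling to hold.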


