[rescue] Re: Jeez!!! Are ethernet taps are a racket business?

Gavin Hubbard ghub005 at xtra.co.nz
Thu Jul 31 05:08:14 CDT 2003

>Actually, after checking out the cisco docs, it looks like I can create
>multiple span ports.  If I pick up a used 2924 for about $600 I could do
>something like:
>1. Split the switch up into 3 vlans.
>2. Use one port as a span port for each vlan.
>3. Connect each span port (3) to a nic in the ids.
>This carries the added benefit of cleaning up the architecture really
>nicely.  I could set up the ports as follows:
>ports  |   vlan  |   desc
>1-3    |   wan   |   ids, router, sdsl
>4-8    |   dmz   |   ids, router, wireless, mail, www
>9-24   |   lan   |   ids, router, hosts(14)
>Ports 3,8,24 would be span ports for the respective vlans.
>Simple, clean, I like it.
>Am I missing something or is this my answer?

This will work fine; I use a similar setup myself to record the traffic through my console server (though I have a 2950T rather than a 2924). The only thing to watch is that, should the total traffic on each vlan exceed 100Mbps, your spanned port will drop the excess traffic. I doubt this will be an issue on your WAN or DMZ vlan, but the 'lan' vlan will almost certainly spike every so often.
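
The caveat in the reply above can be checked from interface counters before trusting the IDS feed. The following is an added example, not part of the original message: it assumes 32-bit per-port input octet counters polled at fixed intervals (port names and sample values are constructed) and flags intervals where a VLAN's ingress traffic exceeds what a 100 Mbps span port can carry.

```python
# Added example: constructed counter samples, hypothetical port names.
SPAN_CAPACITY_BPS = 100_000_000  # 100 Mbps Fast Ethernet span (destination) port
COUNTER_MOD = 2 ** 32            # assumption: 32-bit octet counters that wrap

def delta(prev, cur):
    """Octets counted between two readings, allowing for one counter wrap."""
    return (cur - prev) % COUNTER_MOD

def span_oversubscription(samples, capacity_bps=SPAN_CAPACITY_BPS):
    """samples: list of (timestamp_s, {port: in_octets}) for the source ports
    mirrored to one span port. Each frame is counted once, at the port where
    it entered the switch, so the offered load is a lower bound.
    Returns [(t_start, t_end, offered_bps, dropped_fraction)] for intervals
    in which the mirrored traffic exceeds the span port's capacity."""
    findings = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            continue  # skip duplicate or out-of-order samples
        octets = sum(delta(c0[p], c1[p]) for p in c0.keys() & c1.keys())
        offered = octets * 8 / seconds
        if offered > capacity_bps:
            findings.append((t0, t1, offered, 1 - capacity_bps / offered))
    return findings

# Constructed samples for the 'lan' vlan, polled every 60 s.
# fa0/9 wraps its 32-bit counter during the first interval.
LAN_SAMPLES = [
    (0,   {"fa0/9": 4_294_000_000, "fa0/10": 1_000_000,   "fa0/11": 500_000}),
    (60,  {"fa0/9": 299_032_704,   "fa0/10": 76_000_000,  "fa0/11": 500_000}),
    (120, {"fa0/9": 899_032_704,   "fa0/10": 376_000_000, "fa0/11": 38_000_000}),
]

if __name__ == "__main__":
    for t0, t1, bps, frac in span_oversubscription(LAN_SAMPLES):
        print(f"{t0}-{t1}s: {bps / 1e6:.0f} Mbps offered, "
              f"at least {frac:.0%} of frames never reach the IDS")
```

At 100 Mbps a 32-bit octet counter wraps roughly every 343 seconds, so the polling interval has to be shorter than that for the single-wrap correction to hold.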
