Legal intercept - 3550

Scott Stursa stursa at mailer.fsu.edu
Wed Aug 11 17:37:51 UTC 2004


On Wed, 11 Aug 2004, Stefan Baltus wrote:

> The catalyst 3350 is receiving the traffic from router to switch
> and vice versa.

Can we assume the 3550 port attached to the tap is GE?

> Now, we'd like to filter all but certain IPs on the
> 3350 and switch this traffic to a FE port on that same 3550. Currently
> we've put the FE interface in SPAN mode, but that fills up the
> FE port completely (obviously). Is there any way to accomplish this?

It might be possible to assign a VLAN to the 3550 port and set up a VACL
(VLAN ACL) to filter, capture, and direct the data to another 3550 port. I
did this two years ago while evaluating an IDS blade in a 6500 chassis,
and wanted to reduce the number of false positives. In that case the
output was directed to the IDS module, but it may be possible to direct it
to a physical port.

I haven't messed with VACLs since then, and thus cannot provide specific
syntax for doing this, so I'd suggest you go to www.cisco.com and search
on: vacl ids

Good luck,

- SLS

-------------------------------------------------------------------------
Scott L. Stursa                                              850/645-2397
Network Security Assessment                         stursa at mailer.fsu.edu
User Services/Office of Technology Integration   Florida State University

     The Internet? Yeah, I remember that. Well, all I can say is
     that it seemed like a good idea at the time...

                               - Any Number of People, circa 2020
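An added example, not from this thread, of the VACL filter-and-capture approach described above, in Catalyst 6500 native IOS syntax (the platform the reply mentions); the host addresses, VLAN number, interface, ACL and access-map names are assumed placeholders, and whether the 3550 accepts the capture action is left open by the thread and must be checked against its own documentation.

```cisco
! Only the hosts of interest are copied to the monitoring port, so the FE
! port carries a filtered subset instead of the full GE tap feed.
ip access-list extended CAPTURE-HOSTS
 permit ip host 192.0.2.10 any
 permit ip any host 192.0.2.10
 permit ip host 192.0.2.20 any
 permit ip any host 192.0.2.20
!
! Sequence 10: matching traffic is forwarded normally AND copied to the
! capture port. Sequence 20: everything else is forwarded without a copy.
vlan access-map TAP-CAPTURE 10
 match ip address CAPTURE-HOSTS
 action forward capture
vlan access-map TAP-CAPTURE 20
 action forward
!
! Apply the map to the VLAN that the tap-facing GE port belongs to
! (VLAN 100 is an assumed value).
vlan filter TAP-CAPTURE vlan-list 100
!
! The FE port receiving the copies is a capture port restricted to VLAN 100.
interface FastEthernet3/1
 switchport
 switchport capture
 switchport capture allowed vlan 100
```

After applying the map, `show vlan access-map` and `show vlan filter` confirm the map and its VLAN binding; if the capture action is rejected at the CLI on the 3550, the platform does not support this approach.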
