Legal intercept - 3550
Scott Stursa
stursa at mailer.fsu.edu
Wed Aug 11 17:37:51 UTC 2004
On Wed, 11 Aug 2004, Stefan Baltus wrote:

> The catalyst 3350 is receiving the traffic from router to switch
> and vice versa.

Can we assume the 3550 port attached to the tap is GE?

> Now, we'd like to filter all but certain IP's on the
> 3350 and switch this traffic to a FE port on that same 3550. Currently
> we've put the FE interface in SPAN mode, but that fills up the
> FE port completely (obviously). Is there any way to accomplish this?

It might be possible to assign a VLAN to the 3550 port and set up a VACL
(VLAN ACL) to filter, capture, and direct the data to another 3550 port. I
did this two years ago while evaluating an IDS blade in a 6500 chassis,
and wanted to reduce the number of false positives. In that case the
output was directed to the IDS module, but it may be possible to direct it
to a physical port.

I haven't messed with VACLs since then, and thus cannot provide specific
syntax for doing this, so I'd suggest you go to www.cisco.com and search
on: vacl ids

Good luck,

- SLS
-------------------------------------------------------------------------
Scott L. Stursa 850/645-2397
Network Security Assessment stursa at mailer.fsu.edu
User Services/Office of Technology Integration Florida State University
The Internet? Yeah, I remember that. Well, all I can say is
that it seemed like a good idea at the time...
- Any Number of People, circa 2020