Legal intercept - 3550
Stefan Baltus
stefan.baltus at xbn.nl
Wed Aug 11 19:04:44 UTC 2004
Thanks for all the replies. The best solution was by Boyan Krosnov who
suggested the following:
Configure the GE port where the traffic comes in from the fiber tap in a
separate new vlan A, access mode.
Configure fastethernet X to be in access mode for vlan A.
Configure a static mac entry for vlan A pointing the destination mac
address of the router where the traffic heads to to fastethernet X.
Connect your sniffer on Fastethernet X.
-- at this stage all traffic going to that router will be dumped to the
sniffer. Not precisely what you want.
-- now comes the trick
Configure a VLAN access-map
http://www.cisco.com/en/US/products/hw/switches/ps646/products_command_reference_chapter09186a008021145c.html
ip access-list ext acl1
 permit ip host x.x.x.x any
 permit ip any host x.x.x.x
vlan access-map alabala
 match ip address acl1
 action forward
vlan filter alabala vlan-list A
This works for my case. Boyan: thanks a lot.
Stefan
On Wed, Aug 11, 2004 at 04:37:24PM +0200, Stefan Baltus wrote:
>
> Hi,
>
> We have a situation where we need to intercept certain IP traffic
> that is somewhere within a link of 300Mbit/s of traffic (GigabitEthernet).
> The setup that we built is as follows:
>
>       router
>         ^
>         | GE
>         |
>     fiber tap -------> cisco catalyst 3550
>         |
>         | GE
>         v
>       switch
>
>
> The catalyst 3350 is receiving the traffic from router to switch
> and vice versa. Now, we'd like to filter all but certain IPs on the
> 3350 and switch this traffic to a FE port on that same 3550. Currently
> we've put the FE interface in SPAN mode, but that fills up the
> FE port completely (obviously). Is there any way to accomplish this?
>
> Regards,
>
> Stefan
>
> --
> Stefan Baltus <stefan.baltus at xbn.nl> XB Networks B.V.
> Manager Engineering Televisieweg 2
> telefoon: +31 36 5462400 1322 AC Almere
> fax: +31 36 5462424 The Netherlands
--
Stefan Baltus <stefan.baltus at xbn.nl> XB Networks B.V.
Manager Engineering Televisieweg 2
telefoon: +31 36 5462400 1322 AC Almere
fax: +31 36 5462424 The Netherlands
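
The steps from the message above collected into one Catalyst 3550 configuration, as an added example that is not part of the original post. VLAN 999 (for "vlan A"), GigabitEthernet0/1 (tap port), FastEthernet0/24 (for "fastethernet X"), the router MAC 0000.5e00.5301 and the host 192.0.2.10 (for x.x.x.x) are constructed placeholder values; acl1 and alabala are the names used in the post.

```cisco
! Constructed placeholder values: VLAN 999, Gi0/1, Fa0/24,
! MAC 0000.5e00.5301, host 192.0.2.10. Replace with your own.
!
! Dedicated VLAN that carries only the tapped traffic
vlan 999
 name TAP-INTERCEPT
!
! GE port fed by the fiber tap: access mode in the new VLAN
interface GigabitEthernet0/1
 description feed from fiber tap
 switchport mode access
 switchport access vlan 999
!
! FE port where the sniffer is connected: same VLAN, access mode
interface FastEthernet0/24
 description sniffer
 switchport mode access
 switchport access vlan 999
!
! Static MAC entry: frames addressed to the router's MAC are
! switched to the sniffer port.
! (Newer IOS releases spell this "mac address-table static".)
mac-address-table static 0000.5e00.5301 vlan 999 interface FastEthernet0/24
!
! Match only the intercepted host, in both directions
ip access-list extended acl1
 permit ip host 192.0.2.10 any
 permit ip any host 192.0.2.10
!
! VLAN map: forward IP packets that match acl1
vlan access-map alabala 10
 match ip address acl1
 action forward
!
! Apply the VLAN map to the tap VLAN
vlan filter alabala vlan-list 999
```

`show vlan access-map alabala` and `show vlan filter` confirm that the map exists and is bound to the tap VLAN before the sniffer is attached.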