From: Karl Young (kaelwyoung@netscape.net)
Date: Mon Dec 09 2002 - 06:27:42 GMT-3
Carlos ,
I think the original question intimated that you had the use of a protocol Analyzer at your disposal .My reading of the question was to use the SPAN feature of the 3550 to look at IP traffic.Maybe I am going down the wrong path here but, I think it would be a valid CCIE question to test the candidates knowledge of SPAN, Spanning Tree and Port mirroring.
Regards,
Karl W Young.
"Carlos" <cchorao@xtra.co.nz> wrote:
>Hi ,
>
>Of the suggestions and comment made so for to the original question none of
>the suggestions have considered using RSPAN combined with Vlan maps.
>My thoughts and rationale are as follows :
>
>1. Lets assume that the intent of original question is to somehow configure
>the switch to monitor only IP ( as opposed to filtering by packet
>analyzer).If this is so then ideally want to filter at the source.
>
>2.Reasons why SPAN wont work
> - Span mirrors all received and/or sent traffic on the source port to
>the destination port;
> - Span mirror the source port before acl's, vlan maps,qos,pbr or any
>other features that may be configured on the source port and cause he
>packet to be dropped;
> These 2 points are clearly explained in chapter 23 to the 3550 config
>guide
>
>3. Reasons why RSPAN may work
> - Rspan does not support layer 2 protocols
> - You can apply Vlan maps to the Rspan.
>
>On the basis of the above one approach at solving the original problem would
>be to
> - Configure Rspan on the switch
> - Configure a vlan map to only permit IP traffic onto the Rspan Vlan
> - Direct the output from the rspan vlan to the output interface
>
>Chapter 23 and 27 of the 3550 config guide rel 12.1(12c) cover these
>features well.
>
>My suggestion seems so radically different to what has been suggested so far
>that I would appreciate some feedback on where my reasoning/interpretation
>may be wrong.
>
>
>Carlos
>Telecom New Zealand - Advanced Solutions
>
>----- Original Message -----
>From: "CCOnlineLabs.com" <tschaffran@cconlinelabs.com>
>To: "'Karl Young'" <kaelwyoung@netscape.net>; "'"Chuck Church"'"
><cchurch@optonline.net>; "'"Massimiliano Tognon"'" <mtognon@tecnonetspa.it>;
><ccielab@groupstudy.com>
>Sent: Monday, December 09, 2002 4:47 AM
>Subject: RE: question about 3550
>
>
>> I concur. You might be reading too deep into the question.
>>
>>
>> Tony Schaffran
>> CCOnlineLabs.com
>> http://www.cconlinelabs.com
>>
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Karl Young
>> Sent: Saturday, December 07, 2002 11:44 AM
>> To: "Chuck Church"; "Massimiliano Tognon"; ccielab@groupstudy.com
>> Subject: Re: question about 3550
>>
>> Chuck,
>> It seems that all they ask is for you to Mirror one port to a
>> second port period.You can then use the Protocol Analyzer to monitor IP
>> only traffic on the mirrored port .
>> Karl
>>
>> Viz:
>>
>> http://www.cisco.com/en/US/products/hw/switches/ps646/products_configura
>> tion_guide_chapter09186a008007f3d5.html#14293
>>
>> __________________________________________________________________
>> The NEW Netscape 7.0 browser is now available. Upgrade now!
>> http://channels.netscape.com/ns/browsers/download.jsp
>>
>> Get your own FREE, personal Netscape Mail account today at
>> http://webmail.netscape.com/
>> .
>> .
-- KARL W YOUNG EMAIL:kaelwyoung@netscape.net
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:41 GMT-3