Re: HELP on 4 port etherswitch module.

From: Tarun Pahuja (pahujat@gmail.com)
Date: Fri Nov 16 2007 - 04:10:28 ART

• Next message: Vaibhav Sharma: "Re: How I could easily find, which IOS version and which IOS"
• Previous message: amin: "How I could easily find, which IOS version and which IOS"
• Maybe in reply to: Biggs, Jeff \(M/CIO/BIE\): "HELP on 4 port etherswitch module."
• Next in thread: Biggs, Jeff \(M/CIO/BIE\): "RE: HELP on 4 port etherswitch module."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ask him if the software supports dot1q trunking. If yes, Send the
interesting traffic in Native Vlan. The concept of Native vlan was included
with dot1q in the initial draft to accommodate backward compatibility with
devices that did not understand or support tagging, hence native vlan.

HTH,
Tarun

On Nov 15, 2007 8:10 PM, Biggs, Jeff (M/CIO/BIE) <JBiggs@usaid.gov> wrote:

> I have a security person that has a tap on one of our connections that
> is hanging off of one of our 4 port Etherswitch modules on a 2811. The
> source side from our router is the 192.168 side of the connection. The
> complaint from the security person is that they would like the "vlan
> tag" removed so there tap software can group the traffic better (go
> figure). I believe this is the nature of this card and that there is
> nothing we can do about it, but would like to verify this with
> documentation if it is out there. Anyone have any ideas?
>
>
>
> Router config:
>
>
>
> interface FastEthernet0/0/1
>
> description <<FW01>>
>
> switchport access vlan 48
>
> !
>
> interface FastEthernet0/0/2
>
> description <<FW02>>
>
> switchport access vlan 48
>
> !
>
> interface FastEthernet0/0/3
>
> shutdown
>
> !
>
> interface Vlan1
>
> no ip address
>
> !
>
> interface Vlan48
>
> ip address 192.168.48.1 255.255.255.0
>
>
>
> This is what the TAP is seeing:
>
>
>
> 13:54:41.822389 IP 11.1.11.1.www > 192.168.46.2.53081: . ack 295 win 432
>
> 13:54:41.822838 IP 11.1.11.1.www > 192.168.46.2.53081: P 1:545(544) ack
> 295 win 432
>
> 13:54:41.822842 IP 11.1.11.1.www > 192.168.46.2.53081: F 545:545(0) ack
> 295 win 432
>
> 13:54:41.829957 vlan 48, p 0, IP 192.168.46.2.53081 > 11.1.11.1.www: .
> ack 546 win 16378
>
> 13:54:41.830001 vlan 48, p 0, IP 192.168.46.2.53081 > 11.1.11.1.www: F
> 295:295(0) ack 546 win 16378
>
> 13:54:41.831561 vlan 48, p 0, IP 192.168.46.2.53082 > 11.1.11.1.www: S
> 417069398
>
>
>
>
>
> Jeffrey Biggs
>
> Sr. Network Engineer
>
> USAID
>
> M/CIO/BIE
>
> 240-646-5003
>
> jbiggs@usaid.gov <mailto:jbiggs@usaid.gov>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Vaibhav Sharma: "Re: How I could easily find, which IOS version and which IOS"
• Previous message: amin: "How I could easily find, which IOS version and which IOS"
• Maybe in reply to: Biggs, Jeff \(M/CIO/BIE\): "HELP on 4 port etherswitch module."
• Next in thread: Biggs, Jeff \(M/CIO/BIE\): "RE: HELP on 4 port etherswitch module."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART