Are you trying to send all traffic on VLAN 19 to a NIDS? In that case you
should probably be using a SPAN port. A switch is only going to direct
traffic to port F0/2 if the destination MAC address matches the MAC found in
the CAM table or the destination port is unknown.
Thanks,
Jacob Uecker
CCIE# 24481
Development Engineer
CCBOOTCAMP - Cisco Learning Partner (CLP)
-----Original Message-----
From: nobody_at_groupstudy.com on behalf of Marcio Costa
Sent: Wed 7/29/2009 7:05 AM
To: ccielab_at_groupstudy.com
Subject: VACL on 3560 switch
Hi Experts,
How will the switch (3560) know which interface it should forward the
captured traffic to the NIDS or host w/ Wireshark with this VACL config
below?
! the interface I want to connect the NIDS to
interface FastEthernet0/2
 switchport
 switchport host
 switchport access vlan 19
 speed 100
 duplex full
 no shutdown
!
exit
!
ip access-list extended ALLOWED_TRAFFIC
 permit ip any any
!
exit
!
vlan access-map VLAN19_FILTER 10
 match ip address ALLOWED_TRAFFIC
 action forward
!
exit
!
vlan filter VLAN19_FILTER vlan-list 19
Is there anything missing?
Thanks in advance,
Marcio A. Costa
Received on Wed Jul 29 2009 - 07:26:45 ART
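
Added example (not part of the original thread): a toy Python model of the CAM-table forwarding described in the reply, comparing what a silent sensor on Fa0/2 receives as an ordinary access port in VLAN 19 versus as a SPAN destination. The class name, MAC addresses and frames are constructed for illustration, and the model assumes a SPAN destination port is not a normal member of the VLAN.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Toy single-VLAN learning switch (hypothetical model, not IOS code)."""

    def __init__(self, ports, span_dst=None):
        self.ports = set(ports)      # access ports that are members of the VLAN
        self.span_dst = span_dst     # SPAN destination port, if a session exists
        self.cam = {}                # learned source MAC -> port
        self.seen = {p: [] for p in list(ports) + ([span_dst] if span_dst else [])}

    def receive(self, in_port, src, dst, label):
        self.cam[src] = in_port      # learn where the sender lives
        if dst != BROADCAST and dst in self.cam:
            out = {self.cam[dst]} - {in_port}   # known unicast: one egress port
        else:
            out = self.ports - {in_port}        # broadcast or unknown MAC: flood
        for port in out:
            self.seen[port].append(label)
        if self.span_dst:
            self.seen[self.span_dst].append(label)  # mirrored copy of every frame

A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
# Constructed VLAN 19 traffic: (ingress port, source MAC, destination MAC, label)
FRAMES = [
    ("Fa0/1", A, BROADCAST, "ARP request A->all"),
    ("Fa0/3", B, A, "ARP reply B->A"),
    ("Fa0/1", A, B, "HTTP request A->B"),
    ("Fa0/3", B, A, "HTTP response B->A"),
    ("Fa0/1", A, C, "unicast A->C (C never learned)"),
]

def nids_view(use_span):
    """Return the frames a silent sensor on Fa0/2 receives."""
    if use_span:
        sw = VlanSwitch(["Fa0/1", "Fa0/3"], span_dst="Fa0/2")
    else:
        sw = VlanSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    for frame in FRAMES:
        sw.receive(*frame)
    return sw.seen["Fa0/2"]

if __name__ == "__main__":
    print("access port:", nids_view(False))
    print("SPAN dest:  ", nids_view(True))
```

As an access port the sensor receives only the flooded frames (the broadcast and the unicast to the unlearned MAC); the HTTP exchange between the two learned hosts never reaches it.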