Re: VACL on 3560 switch

From: Gobind Singh Gill <gobind_at_me.com>
Date: Wed, 29 Jul 2009 20:08:27 +0530

I agree with Jacob and Ryan. If you want to direct the traffic from the
VLAN to the NIDS, then you have to use a SPAN port.

Cheers,

Gobind

On Wed, Jul 29, 2009 at 7:56 PM, Jacob Uecker <juecker_at_ccbootcamp.com> wrote:
> Are you trying to send all traffic on VLAN 19 to a NIDS? In that case you
> should probably be using a SPAN port. A switch is only going to direct
> traffic to port F0/2 if the destination MAC address matches the MAC found in
> the CAM table or the destination port is unknown.
>
>
> Thanks,
>
> Jacob Uecker
> CCIE# 24481
>
> Development Engineer
> CCBOOTCAMP - Cisco Learning Partner (CLP)
>
> -----Original Message-----
> From: nobody_at_groupstudy.com on behalf of Marcio Costa
> Sent: Wed 7/29/2009 7:05 AM
> To: ccielab_at_groupstudy.com
> Subject: VACL on 3560 switch
>
> Hi Experts,
>
> How will the switch (3560) know which interface it should use to forward the
> captured traffic to the NIDS or host w/ Wireshark with the VACL config
> below?
>
> ! the interface I want to connect the NIDS to
> interface FastEthernet0/2
>  switchport
>  switchport host
>  switchport access vlan 19
>  speed 100
>  duplex full
>  no shutdown
> !
> exit
> !
> ip access-list extended ALLOWED_TRAFFIC
>  permit ip any any
> !
> exit
> !
> vlan access-map VLAN19_FILTER 10
>  match ip address ALLOWED_TRAFFIC
>  action forward
> !
> exit
> !
> vlan filter VLAN19_FILTER vlan-list 19
>
> Is there anything missing?
>
> Thanks in advance,
> Marcio A. Costa
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Jul 29 2009 - 20:08:27 ART
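
The SPAN setup recommended in the replies above, written out as an added example that is not part of the original thread. VLAN 19 and FastEthernet0/2 come from the question; session number 1 and mirroring only received (rx) traffic are assumptions.

```cisco
! Added example, not from the thread. Session number 1 is an assumption.
!
! Optional: remove the VACL from the question. With "action forward" on
! "permit ip any any" it only permits traffic in VLAN 19; it does not
! copy any of it to the sensor port.
no vlan filter VLAN19_FILTER vlan-list 19
!
! Mirror traffic received on VLAN 19 (VLAN-based SPAN). Using rx is an
! assumption here, chosen so a frame switched inside the VLAN is not
! delivered to the sensor twice.
monitor session 1 source vlan 19 rx
!
! Send the mirrored copy to the port where the NIDS or Wireshark host sits.
! As a SPAN destination the port carries only mirrored traffic, so its
! "switchport access vlan 19" setting no longer decides what it receives.
monitor session 1 destination interface FastEthernet0/2
!
! From privileged EXEC, confirm the source VLAN and destination port.
show monitor session 1
```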
