North American Network Operators Group

Re: Legal intercept - 3550

  • From: Scott Stursa
  • Date: Wed Aug 11 13:40:33 2004

On Wed, 11 Aug 2004, Stefan Baltus wrote:

> The catalyst 3350 is receiving the traffic from router to switch
> and vice versa.

Can we assume the 3550 port attached to the tap is GE?

> Now, we'd like to filter all but certain IP's on the
> 3350 and switch this traffic to a FE port on that same 3550. Currently
> we've put the FE interface in SPAN mode, but that fills up the
> FE port completely (obviously). Is there any way to accomplish this?


It might be possible to assign a VLAN to the 3550 port and set up a VACL
(VLAN ACL) to filter, capture, and direct the data to another 3550 port. I
did this two years ago while evaluating an IDS blade in a 6500 chassis,
and wanted to reduce the number of false positives. In that case the
output was directed to the IDS module, but it may be possible to direct it
to a physical port.

I haven't messed with VACLs since then, and thus cannot provide specific
syntax for doing this, so I'd suggest you go to www.cisco.com and search
on: vacl ids

Good luck,

- SLS

-------------------------------------------------------------------------
Scott L. Stursa                                              850/645-2397
Network Security Assessment                         [email protected]
User Services/Office of Technology Integration   Florida State University

     The Internet? Yeah, I remember that. Well, all I can say is
     that it seemed like a good idea at the time...

                               - Any Number of People, circa 2020