Re: Legal intercept

North American Network Operators Group

Re: Legal intercept - 3550

From: Stefan Baltus
Date: Wed Aug 11 15:07:21 2004

Thanks for all the replies. The best solution was by Boyan Krosnov who
suggested the following:

Configure the GE port where the traffic comes in from the fiber tap in a
separate new vlan A, access mode.
Configure fastethernet X to be in access mode for vlan A.
Configure a static mac entry for vlan A pointing the destination mac
address of the router where the traffic heads to to fastethernet X. 
Connect your sniffer on Fastethernet X. 
-- at this stage all traffic going to that router will be dumped to the
sniffer. Not precisely what you want. 
-- now comes the trick 
Configure a VLAN access-map
http://www.cisco.com/en/US/products/hw/switches/ps646/products_command_r
eference_chapter09186a008021145c.html
  ip access-list ext acl1
    permit ip host x.x.x.x any
    permit ip any host x.x.x.x
  vlan access-map alabala
   match ip address acl1 
   action forward
  vlan filter alabala vlan-list A

This works for my case. Boyan: thanks a lot.

Stefan

On Wed, Aug 11, 2004 at 04:37:24PM +0200, Stefan Baltus wrote:
> 
> Hi,
> 
> We have a situation where we need to intercept certain IP traffic
> that is somewhere within a link of 300Mbit/s of traffic (GigabitEthernet).
> The setup that we built is as follows:
> 
> router 
>   ^
>   | GE
>   | 
> fiber tap -------> cisco catalyst 3550
>   |
>   | GE
>   v
> switch
> 
> 
> The catalyst 3350 is receiving the traffic from router to switch
> and vice versa. Now, we'd like to filter all but certain IP's on the
> 3350 and switch this traffic to a FE port on that same 3550. Currently
> we've put the FE interface in SPAN mode, but that fills up the
> FE port completely (obviously). Is there any way to accomplish this?
> 
> Regards,
> 
> Stefan 
> 
> -- 
> Stefan Baltus <[email protected]>        XB Networks B.V. 
> Manager Engineering                         Televisieweg 2
> telefoon: +31 36 5462400                    1322 AC  Almere
> fax: +31 36 5462424                         The Netherlands

-- 
Stefan Baltus <[email protected]>        XB Networks B.V. 
Manager Engineering                         Televisieweg 2
telefoon: +31 36 5462400                    1322 AC  Almere
fax: +31 36 5462424                         The Netherlands

References:
- Legal intercept - 3550 Stefan Baltus

Prev by Date: Re: Are AOL's MXs mass rejecting anyone else's emails?
Next by Date: Re: Testing procedures for new network implementation?
Date Index
Thread Index
Author Index
Historical