[unisog] split-tap or "span" suggestions?

Steve Bernard sbernard at gmu.edu
Tue Sep 3 19:48:37 GMT 2002


The NetOptics equipment that I use has worked well. I have both OC-3 and
Gigabit-FX Regeneration taps.

Regards,

Steve Bernard
Systems Engineer, NET
George Mason University


-----Original Message-----
From: Nathanael Bills [mailto:bills at arsc.edu]
Sent: Tuesday, September 03, 2002 2:25 PM
To: John Kemp
Cc: unisog at sans.org; security at uoregon.edu
Subject: Re: [unisog] split-tap or "span" suggestions?



On Fri, 30 Aug 2002, John Kemp wrote:

>
> We have a gigabit LX link that we monitor.
> We're at the point where we want to expand
> that.  If we can split it optically, that works
> but still limits us to one input.  One example:
> http://www.netoptics.com/4x1-tap.html
>
> I notice that various Cisco switches have "span"
> ports.  This capability might get us to a
> 2 - input -> 4 - output capability, which is
> really my ultimate target.
>
<snip>

The span capability may not be what you want as it has some limitations.
You're only allowed two span sessions per switch.  Also, where the CatOS
allows for monitoring the inbound and outbound traffic of more than one
port per span session, switches running IOS code can monitor the inbound
and outbound traffic of one port in a span session but just the input of
any additional ports as part of that session.  I also have not seen
anything that says you can forward the data to more than one destination
port.

That's been my experience with the Catalyst 6500 series switches.
Cisco may have increased that capability in more recent code releases.

nathan



------------------------------------------------------------------

Nathan Bills
nathan.bills at arsc.edu
Arctic Region Supercomputing Center





