Snort mailing list archives

RE: Monitor multiple VLANs


From: "Martin Jr., D. Michael" <martinm () montevallo edu>
Date: Thu, 16 Oct 2003 13:01:19 -0500

Thanks Jeremy...that did it.  You are great!

Thanks again,

Michael

-----Original Message-----
From: Jeremy Junginger [mailto:jj () act com] 
Sent: Thursday, October 16, 2003 11:41 AM
To: Martin Jr., D. Michael; Chris Green 
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Monitor multiple VLANs

The 4006 uses a "similar" set of commands.  Here are the ones you are
looking for.  Set up the SPAN to monitor all vlans.  The syntax is included:

http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800f0e28.html#1020431

Also, the 4006 uses 802.1q rather than ISL for its trunk links (AFAIK).
HTH,

-Jeremy

-----Original Message-----
From: Martin Jr., D. Michael [mailto:martinm () montevallo edu] 
Sent: Thursday, October 16, 2003 8:59 AM
To: Chris Green 
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Monitor multiple VLANs


My problem is trying to figure out how to have a single port monitor the
multiple VLANs.  I understand that setting up SPAN (Switch Port
Analyzer) port may be the answer but this ^%$$^ Catalyst 4006 with Sup III
does not even use the same commands as outlined in the docs I've seen by
Cisco.  Setting up a separate Snort box for each VLAN would be too costly
and, given our size, really overkill.  I just need to set up this port to
essentially "listen" to all the traffic on the other VLANs.

Suggestions?

Michael

-----Original Message-----
From: Chris Green [mailto:cmg () sourcefire com] 
Sent: Thursday, October 16, 2003 10:27 AM
To: Martin Jr., D. Michael
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Monitor multiple VLANs

*wave to montevallo.edu* (originally from Birmingham.. )

Snort by default just strips off the vlan headers and decodes the
packets as if there were no vlans.  You will only run into troubles with
using the CISCO-specific trunking protocols (ISL)... but having multiple
VLANs won't be a problem.


"Martin Jr., D. Michael" <martinm () montevallo edu> writes:

I was wondering if anyone out there has been successful in configuring
Snort to monitor traffic on multiple VLANs.  If so, how did you
accomplish this?  We are basically a "Cisco-shop" and are thinking of
segmenting our residence halls (and other areas) into separate VLANs for
security and virus propagation defense.  However, we would like to
configure our Snort box (Windows 2000) to actually be able to see and
"sniff" the traffic on all of the VLANs.

Any suggestions?

Thanks,

Michael Martin
University of Montevallo
-- 
Chris Green <cmg () sourcefire com>
Eschew obfuscation.
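
The behaviour Chris Green describes in the thread above (802.1Q VLAN headers skipped before decoding, ISL trunk encapsulation being the exception), sketched as an added example; it is not part of the original thread and is not Snort's own code. The ISL destination prefix 01:00:0c:00:00, the names `decode_l2` and `l2_info`, and the sample frame are supplied here as assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ETHERTYPE_8021Q 0x8100u /* 802.1Q tag protocol identifier */
struct l2_info {
    int is_isl;         /* 1 if the frame looks ISL-encapsulated */
    int vlan_id;        /* outermost VLAN ID, -1 if untagged */
    uint16_t ethertype; /* EtherType once any tags are skipped */
    size_t payload_off; /* offset of the layer-3 payload */
};

/* Constructed sample: IPv4 frame tagged for VLAN 20 (addresses are made up). */
const uint8_t sample_tagged[] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee,
    0x81, 0x00, 0x00, 0x14, 0x08, 0x00, 0x45, 0x00 };

/* Returns 0 on success, -1 if the frame is truncated. */
int decode_l2(const uint8_t *f, size_t len, struct l2_info *out)
{
    /* ISL frames begin with the 40-bit address 01:00:0c:00:00. */
    static const uint8_t isl_da[5] = { 0x01, 0x00, 0x0c, 0x00, 0x00 };
    size_t off = 12; /* skip destination and source MAC */

    memset(out, 0, sizeof *out);
    out->vlan_id = -1;
    if (len < 14)
        return -1;
    if (memcmp(f, isl_da, sizeof isl_da) == 0) {
        out->is_isl = 1; /* not plain Ethernet; needs an ISL-aware decoder */
        return 0;
    }
    out->ethertype = (uint16_t)((f[off] << 8) | f[off + 1]);
    while (out->ethertype == ETHERTYPE_8021Q) { /* walk stacked tags */
        if (len < off + 6)
            return -1;
        if (out->vlan_id < 0) /* low 12 bits of the TCI are the VLAN ID */
            out->vlan_id = ((f[off + 2] & 0x0f) << 8) | f[off + 3];
        off += 4;
        out->ethertype = (uint16_t)((f[off] << 8) | f[off + 1]);
    }
    out->payload_off = off + 2;
    return 0;
}

int main(void)
{
    struct l2_info i;
    return decode_l2(sample_tagged, sizeof sample_tagged, &i);
}
```

On a SPAN port carrying 802.1Q-tagged traffic, rules written against IP and above apply unchanged once the payload offset is known; the VLAN ID is only useful as extra context in the alert.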


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

