I cannot speak to the 3500 series, but in the Cat
5000/6000 line, you span a port to either copy the
contents of a port or an entire VLAN. The membership
of the port that has the Sniffer is moot in this
instance. It is further possible, although I can't
think of too many good reasons to do this, that you
can set the switch to receive packets from the
Sniffer, which would allow use of the port membership
VLAN in addition to the receipt of frames from the
span process. In essence you would get two VLANs in
one, but, again, :( Typically I set the span port to
a 'defunct' VLAN with no other members and no
representation on the RSM/MSFC. I may see BPDUs and
CDP packets, but the majority will be the traffic I
desire.
--- "The.rock" <[EMAIL PROTECTED]> wrote:
> I believe that the 3500 Catalyst series will even
> let you monitor ports on
> other switches if you want. Check into it, but I
> think you can.
>
> ""NetEng"" <[EMAIL PROTECTED]> wrote in
> message
> 99bbkk$p8a$[EMAIL PROTECTED]">news:99bbkk$p8a$[EMAIL PROTECTED]...
> > We have had a pissing match lately and here's the
> details. One person
> states
> > that a VLan can not be sniffed because it is on a
> different subnet. The
> > other person says it can becuase it's physically
> on the same switch. I
> think
> > you can to a point. Here's what I mean; let's say
> we have a 3524 with two
> > Vlans, VLAN1 (we'll call it InfoSys), and VLAN2
> (called HR). If I have a
> > sniffer running on InfoSys, I should be able to
> sniff traffic on my subnet
> > as well as traffic from HR to InfoSys (ie HR
> employee accessing mail
> server
> > on InfoSys), right? The only difference is that
> the source MAC address
> would
> > change. I should not be able to sniff traffic
> local to HR (ie an employee
> > accessing accounting software) right? What's the
> rub?
> >
> >
> >
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
=====
Robert Padjen
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
