Here's a wild idea: can you put a couple of extra Ethernet cards in a Mac and connect your three Ethernet ports to the three networks? Since the Mac won't be routing packets between the networks, it should be safe.
Alternatively, could you funnel the three networks into three VLANs and have them all dump out at a single port? You could connect your Mac to it and multihome the Ethernet port with three IP addresses. If this is too much connectivity, perhaps you could talk the powers-that-be into allowing a firewall to span the three networks and allow only SNMP traffic to and from a specific IP (your InterMapper machine). If they don't trust a firewall to keep the networks segregated, then here's my last resort suggestion: get three IM servers and hook one up in each tier. Then run their keyboard, video, and monitor outputs into a KVM switch so you can get all three IM systems on the same screen. Most KVM switches I've seen can be set to automatically cycle through the various screens, like security cameras. If distance is a problem, check out the Paragon KVM products from Raritan - they can extend KVM signals over ordinary CAT5 wiring. This solution won't let you put devices from different tiers on the same map, but at least you can see all three tiers on the same display. Hope this has been at least thought-provoking! Doug -- Doug Weathers, Network Administrator St. Charles Medical Center >>> [EMAIL PROTECTED] 03/06/03 12:45PM >>> Hi All: We have a multi-tiered network here, divided into three tiers for security purposes. Machines at tier 1 are (relatively) wide open; machines at tier 2 cannot be seen AT ALL from tier 1, and tier 2 machines have very specific one-way port forwarding to see tier 1. Tier 3 is similarly buried beneath tier 2. Intermapper running on a tier 1 machine can see nothing on tiers 2 or 3. Intermapper on tier 2 could conceivably SNMP-query tier 1 machines but the responses would be blocked. So far it looks as if each tier will have to have its own standalone IM machine. This is okay, except we'd like to be able to monitor them all together with IM Remote to avoid a proliferation of screens for operators to watch. The only scheme we've been able to come up with is to find a way for tier 2 and 3 IM's to create some form of snapshot file which is then pushed up to tier 1 on some kind of regular basis. Ideally this would be via UDP through a strictly write-only port (i.e. not even acks going back down). If the "snapshot" contained enough information to be able to query devices etc. on it (albeit at a single point in time), this might be just what we need. Anyone have any ideas as to how we could do this more elegantly without opening up exploitable ports between tiers? Thanks for any insights! -- -- Mike Dustan, Computing Operations & Tech. Support, Simon Fraser University, Burnaby, BC Canada. Web: http://www.sfu.ca/ots/ I'm never wrong. I thought I was wrong once, but I was wrong. ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED] ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED]
