Firewall Wizards mailing list archives

Re: Forwarding traffic to an active IDS/Firewall


From: Aaron Smith <smitha () byui edu>
Date: Thu, 21 Jul 2005 15:49:13 -0600

On Wed, 2005-07-13 at 18:39 -0300, Vinicius Pavanelli Vianna wrote:
Hi all,

Does anyone know how I can forward all traffic that comes to a Cisco
Catalyst switch to a gateway to do some IDS/Firewall/Traffic Shaping?
In ipfw (FreeBSD) this would be done with an "fwd" rule to forward all
packets to a forced gateway. Can this be done on a Cisco device, or do I
need to emulate all the valid IPs on the switch and use a VLAN with the
servers so the IDS receives the packets and forwards them to the internal
VLAN? This would be a little harmful ;)

TIA,
Vinicius

It sounds to me like you are wanting to do a port SPAN.  A SPAN will
forward all [1] traffic from one port to another for analysis, making it
appear that both switched ports are in the same collision domain.
Cisco's site has documentation for CatOS and IOS on configuring SPANs,
but from memory it goes something like this in IOS:
(conf t) monitor session 1 source interface blah blah
(conf t) monitor session 1 destination interface blah blah

In CatOS it's something like "set port span" or "set span", I don't
fully recall.  I hope this is enough to get you started :~)

[1] almost all--some error packets get dropped.  Thanks a lot, cisco :~\

_________________________________

@@ron Smith <smitha () byui edu>
Network Operations
Brigham Young University Idaho

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
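For reference, the SPAN session Aaron sketches above written out with concrete port names, as an added example rather than part of his reply; the interface numbers, the VLAN id and the CatOS module/port numbers are assumed.

```cisco
! --- IOS: copy everything seen on Gi0/1, in both directions, to Gi0/24,
! --- the port where the IDS sensor is plugged in (port names assumed).
configure terminal
monitor session 1 source interface GigabitEthernet0/1 both
monitor session 1 destination interface GigabitEthernet0/24
end
!
! Alternative source for the "servers on their own VLAN" layout from the
! question: mirror ingress frames of the whole VLAN instead of one port
! (VLAN id assumed). Only one of the two source lines is needed.
! monitor session 1 source vlan 10 rx
!
! Verify that source, destination and direction are what was intended.
show monitor session 1
!
! --- CatOS equivalent: "set span <source> <destination> [rx|tx|both]",
! --- here mirroring port 2/1 to port 2/24 in both directions.
set span 2/1 2/24 both
show span
```

SPAN hands the sensor a copy of the frames, so it can only observe: nothing is redirected through it, which is why this fits a passive IDS but not an inline firewall or traffic shaper, which has to sit in the forwarding path. The SPAN destination port also stops carrying its normal switched traffic while the session is active, so dedicate a port to it.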
