- A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: Ip snooping in cisco routers [7:74708] posted 09/03/2003
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

""Reimer, Fred""  wrote in message ...
> E gads!  All hacks because even at this time Cisco can't manage to write
> little code necessary to create a buffer in memory where packets can be
> stored, and then transferred via TFTP.  With today's routers that have
> than enough processing power and memory, there's just no excuse, IMO.

I, personally, prefer ERSPAN to most other methods.  Being able to
have an encapsulated stream of capture data available from any available
IP routed path (could be the whole Internet), and able to export to your
personal workstation, e.g., running tcpdump or Ethereal, is definitely the
proper way to be sniffing.

OTOH, Junipers should be able to do what you are talking about in some
(but not all) cases.  Depends on how much traffic you are talking about.

The RSPAN+VACL method described on CCO is just as valid as
anything else, but requires Cisco Catalyst switches with some type of
Layer-3 functionality (e.g. Cat3550, some Cat6k, some Cat4k, others).
In the case of a 6500 it requires a PFC card, of which all Sup2 and Sup720
modules include.  Sup1/Sup1a needs PFC to do RSPAN.


Message Posted at:
**Please support GroupStudy by purchasing from the GroupStudy Store:
FAQ, list archives, and subscription info: