세이박스

2 posts tagged 'Cisco'

  1. Has anyone used the Cisco Catalyst Express 500?
  2. How to configure VLANs on Cisco L2 and L3 switches

Has anyone used the Cisco Catalyst Express 500?

Server, Security
 
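>Hello.. I know everyone in the cafe is very, very busy, but I'm posting this because I'm curious.
>
>Does the CE500 support port mirroring?
>
>If anyone knows, please tell me. ^^;
>
>Also, I'd like to know what features the CE500 has. Please do let me know.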
 
---
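Huh~~ this one can do it too.. I thought it couldn't.. T_T
Just in case..
I went to http://www.cisco.com.. and searched for [express 500 mirror].. and it came up at the very top..
If you search the Cisco website well.. you can get results surprisingly quickly.. ^^

It covers how to configure SPAN (mirroring) on most Cisco Catalyst switch models..
It would be a good idea to bookmark it.. ^^

This one.. is fine.. as long as it doesn't fail..
But.. since it has no console, if it fails.. that's the end of it.. T_T

From now on, if you can help it.. don't buy it..
Even if it costs more.. buy a C2950 or.. a C2960..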
 
-----------------------------------------------------------------------------------------------------------------------
 

SPAN on Catalyst Express 500

Catalyst Express 500 supports only the SPAN feature. Catalyst Express 500 ports can be configured for SPAN only by using the Cisco Network Assistant (CNA). Complete these steps to configure the SPAN:
  1. Download and install CNA on the PC.
    You can download CNA from the Download Software page.
  2. Complete the steps given in Getting Started Guide for the Catalyst Express 500 Switches in order to customize the switch settings.
  3. Use CNA to log into the switch, and click Smartport.
  4. Click any interface where you plan to connect the PC in order to capture the sniffer traces.
  5. Click Modify.
    A small pop-up box appears.
  6. Choose the Diagnostics role for the port.
  7. Choose the source port and select the VLAN you plan to monitor.
    If you select none, the port only receives traffic. The Ingress VLAN allows the PC connected to the Diagnostics port to send packets to the network that uses that VLAN.
  8. Click OK in order to close the pop-up box.
  9. Click OK and then Apply the settings.
  10. You can use any Sniffer software in order to trace the traffic once you set up the diagnostic port.

SPAN on the Catalyst 2900XL/3500XL Switches

Features that are Available and Restrictions

The port monitoring feature is not very extensive on the Catalyst 2900XL/3500XL. Therefore, this feature is relatively easy to understand.
You can create as many local PSPAN sessions as necessary. For example, you can create PSPAN sessions on the configuration port that you have chosen to be a destination SPAN port. In this case, issue the port monitor interface command in order to list the source ports that you want to monitor. A monitor port is a destination SPAN port in Catalyst 2900XL/3500XL terminology.
  • The main restriction is that all the ports that relate to a particular session (whether source or destination) must belong to the same VLAN.
  • If you configure the VLAN interface with an IP address, then the port monitor command monitors traffic destined to that IP address only. It also monitors the broadcast traffic that is received by the VLAN interface. However, it does not capture the traffic that flows in the actual VLAN itself. If you do not specify any interface in the port monitor command, all other ports that belong to the same VLAN as the interface are monitored.
This list provides some restrictions. Refer to Cisco IOS Commands (Catalyst 2900XL/3500XL) for more information.
Note: ATM ports are the only ports that cannot be monitor ports. However, you can monitor ATM ports. The restrictions in this list apply for ports that have the port-monitor capability.
  • A monitor port cannot be in a Fast EtherChannel or Gigabit EtherChannel port group.
  • A monitor port cannot be enabled for port security.
  • A monitor port cannot be a multi-VLAN port.
  • A monitor port must be a member of the same VLAN as the port that is monitored. VLAN membership changes are disallowed on monitor ports and ports that are monitored.
  • A monitor port cannot be a dynamic-access port or a trunk port. However, a static-access port can monitor a VLAN on a trunk, a multi-VLAN, or a dynamic-access port. The VLAN that is monitored is the one that is associated with the static-access port.
  • Port monitoring does not work if both the monitor port and the port that is monitored are protected ports.
Refer to the Managing Configuration Conflicts section of Managing Switches (Catalyst 2900XL/3500XL) for additional information on feature conflicts.
Be careful that a port in the monitor state does not run the Spanning Tree Protocol (STP) while the port still belongs to the VLAN of the ports that it mirrors. The port monitor can be part of a loop if, for instance, you connect it to a hub or a bridge and loop to another part of the network. In this case, you can end up in a catastrophic bridging loop condition because STP no longer protects you. See the Why Does the SPAN Session Create a Bridging Loop? section of this document for an example of how this condition can happen.

Configuration Example

This example creates two concurrent SPAN sessions.
  • Port Fast Ethernet 0/1 (Fa0/1) monitors traffic that ports Fa0/2 and Fa0/5 send and receive. Port Fa0/1 also monitors traffic to and from the management interface VLAN 1.
  • Port Fa0/4 monitors ports Fa0/3 and Fa0/6.
Ports Fa0/3, Fa0/4, and Fa0/6 are all configured in VLAN 2. Other ports and the management interface are configured in the default VLAN 1.
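
The monitor-port restrictions listed above, checked against the ports of this configuration example, as an added Python sketch (not part of the original post or of Cisco's documentation). The `Port` model, its field names and the `BROKEN` sample are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    name: str
    vlan: int = 1                 # access VLAN (default VLAN 1)
    mode: str = "static-access"   # or "dynamic-access", "trunk", "multi-vlan"
    etherchannel: bool = False    # member of a Fast/Gigabit EtherChannel group
    port_security: bool = False
    protected: bool = False
    atm: bool = False
    monitors: list = field(default_factory=list)  # names of monitored ports

def check_monitor_port(mon, ports):
    """Return the restrictions from the list above that monitor port `mon` breaks."""
    issues = []
    if mon.atm:
        issues.append("ATM ports cannot be monitor ports")
    if mon.etherchannel:
        issues.append("monitor port is in an EtherChannel port group")
    if mon.port_security:
        issues.append("monitor port is enabled for port security")
    if mon.mode != "static-access":
        issues.append(f"monitor port is a {mon.mode} port")
    for src in (ports[n] for n in mon.monitors):
        # Non-static sources are allowed; static-access sources must share the VLAN.
        if src.mode == "static-access" and src.vlan != mon.vlan:
            issues.append(f"{src.name} is in VLAN {src.vlan}, monitor port is in VLAN {mon.vlan}")
        if src.protected and mon.protected:
            issues.append(f"{src.name} and the monitor port are both protected ports")
    return issues

def audit(port_list):
    ports = {p.name: p for p in port_list}
    return {p.name: check_monitor_port(p, ports) for p in port_list if p.monitors}

# The two sessions from the Configuration Example (management VLAN 1 source omitted).
PAGE_EXAMPLE = [
    Port("Fa0/1", monitors=["Fa0/2", "Fa0/5"]), Port("Fa0/2"), Port("Fa0/5"),
    Port("Fa0/4", vlan=2, monitors=["Fa0/3", "Fa0/6"]),
    Port("Fa0/3", vlan=2), Port("Fa0/6", vlan=2),
]
# Constructed misconfiguration: wrong VLAN on one source, port security on the monitor.
BROKEN = [
    Port("Fa0/4", vlan=2, port_security=True, monitors=["Fa0/2", "Fa0/7"]),
    Port("Fa0/2"), Port("Fa0/7", mode="trunk"),
]
if __name__ == "__main__":
    print(audit(PAGE_EXAMPLE), audit(BROKEN), sep="\n")
```
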

Network Diagram


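How to configure VLANs on Cisco L2 and L3 switches

Server, Security

How to configure VLANs on Cisco L2 and L3 switches
  e.g. C2950, C3550, C4506,...

※ Use this when a new IP range has been added and you want to manage it by assigning that range to a new VLAN

1. First, add the new VLAN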
>interface Vlan 101
> ip address 1.2.3.4 255.255.255.128
> no ip redirects
> standby 101 ip 1.2.3.1                    ; set the gateway IP address
> standby 101 timers 1 3
> standby 101 priority 100                  ; priority depends on the situation...
> standby 101 preempt
 
2. Assign the newly added VLAN to the port you want to use
>interface FastEthernet 0/20
> switchport access vlan 101
> switchport mode access
> no ip address
 
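3. Configure spanning tree if needed
> spanning-tree vlan 100-101 priority 4000         ; for the C4506
  or
 > spanning-tree vlan 100 priority 4000              ; for the C3550 or
 > spanning-tree vlan 101 priority 4000              ; the C2950

※ The C2950 is an L2 switch, so communication between VLANs is not possible
    -> When I actually configured it, only one VLAN was active at a time
    -> That is, activating the VLAN you want to use shuts down the other VLANs
    -> Because of this, VLAN configuration on the C2950 is possible only via the console and cannot be done remotely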