Solved

I need a 48 port gigabit switch capable of VSPAN, ASAP.

Posted on 2006-07-03
Last Modified: 2008-02-26
We've had very suspicious activity internally, and I currently have a 3Com baseline switch with no monitoring capabilities.

I have a few Cisco 2950s, but they can only SPAN on a single port at a time.

What I need is a 48+ port gigabit switch that will let me SPAN on the entire VLAN at once, and I need to order it yesterday!
Question by:Derekleu
LVL 5

Expert Comment

by:NAORC
ID: 17030585
Netgear GSM7248

Product Link: http://www.broadbandbuyer.co.uk/Shop/ShopDetail.asp?ProductID=2660
                    http://www.novatech.co.uk/novatech/specpage.html?NGR-GSM724

Netgear website link: http://www.netgear.com/products/details/GSM7248.php

For some reason they don't have very good reviews on the web, but I have several of them in use and I think they're brilliant!
 

Author Comment

by:Derekleu
ID: 17030637
GSM7248, I am about to place this order, you are sure this will let me mirror 47 ports into 1 so I can attach a PC with IDS software on it?

 
LVL 5

Expert Comment

by:NAORC
ID: 17030644
5 mins... on hold to Netgear as we speak to confirm it.
 
LVL 5

Expert Comment

by:NAORC
ID: 17030723
Netgear have just confirmed that the switch does allow that, but when you receive the switch you will need to upgrade the firmware before use.

If the switches do not do this, then I am sorry, but I am just passing on the information that the product manufacturer gave to me.
 
LVL 14

Expert Comment

by:ECNSSMT
ID: 17030948
I got the 24 port Gigabit version GS724T at home (the GSM version is supposed to have better management capabilities and a console port if I remember correctly) and use it with Ethereal to do port monitoring on those special occasions. So yes. I'm kinda surprised about the upgrade of the firmware comment though.

I am surprised that you are not looking for a Cisco solution like a module NMI if you have something like a 6509.

Also, if you are installing HIDS clients on suspect devices, they should forward regardless of the capabilities of the switch.

Regards,  
 

Author Comment

by:Derekleu
ID: 17032414
I called Netgear; they told me the GSM7248 only supports port to port mirroring, and that the GSM7352S is the only one that can do VLAN to port mirroring.

They also told me that there is a planned firmware by which the GSM7248 will be able to do VLAN mirroring.

I had not planned on deploying HIDS; my users are very very picky and I have not seen an unintrusive Windows based solution.
 
LVL 14

Expert Comment

by:ECNSSMT
ID: 17033022
OK if that's the official word from Netgear <grin>.  I've spent the last hour looking at the Netgear website to see if I could find wording that could parallel the GS724T config page without success.  


*******************************************************************************                      
Monitor
This page allows you to configure any port's incoming and/or outgoing traffic to be mirrored to a pre-defined sniffer port.

Sniffer Mode:

Disable - disable port mirroring globally.

RX - mirroring only the ingress traffic to the designated source ports.

TX - mirroring only the egress traffic to the designated source ports.

Both - mirroring both incoming and outgoing traffic on the designated source ports.


Sniffer Port: Select from 1 to 24 ports .

Source Ports: Select any number of ports to be monitored (mirrored). The ports can not be the Sniffer port.
*************************************************************************************
This is the version of the firmware I got...

Product Name  GS724T  
Firmware Version  V1.0.0_0429  
Protocol Version  2.001.002  


Again, I'm surprised by the information that is presented.

oh well...
 
LVL 43

Expert Comment

by:JFrederick29
ID: 17033071
Not sure what your budget is but the Cisco 2960 will do what you are looking for.

WS-C2960G-48TC-L

http://www.cisco.com/en/US/products/ps6406/index.html
 

Author Comment

by:Derekleu
ID: 17033291
ECNSSMT: Strange, very strange. Netgear engineer told me that I absolutely could not mirror more than one port, and that it was a possibility in the next firmware. Maybe the difference lies between the 24 and 48 port parts.

JFrederick29: I am looking into that Cisco part. Are you absolutely sure it supports bi-directional VSPAN?
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 50 total points
ID: 17033329
From this: (http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805fde07.html#wp1199491)

Source VLANs
 
VLAN-based SPAN (VSPAN) is the monitoring of the network traffic in one or more VLANs. The SPAN or RSPAN source interface in VSPAN is a VLAN ID, and traffic is monitored on all the ports for that VLAN.

VSPAN has these characteristics:

• All active ports in the source VLAN are included as source ports and can be monitored in either or both directions.
0
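
One way to confirm from a capture taken on the monitor port that a switch really mirrors the whole VLAN in both directions, as in the VSPAN description quoted above, rather than a single port as Netgear described for the GSM7248. This is an added example, not part of the original thread; the function names, result keys and MAC addresses are constructed for illustration, and the input is assumed to be (source MAC, destination MAC) pairs exported from the sniffer capture.

```python
def is_unicast(mac):
    # The group bit (least significant bit of the first octet) is 0 for unicast.
    return int(mac.split(":")[0], 16) & 1 == 0


def mirror_coverage(frames, expected_hosts):
    """Summarise which VLAN hosts a monitor-port capture covers.

    frames: (src_mac, dst_mac) pairs seen on the monitor port.
    Only unicast frames count: broadcast and multicast are flooded to
    every port in the VLAN and say nothing about mirroring.
    """
    expected = {m.lower() for m in expected_hosts}
    ingress, egress, pairs = set(), set(), []
    for src, dst in frames:
        src, dst = src.lower(), dst.lower()
        if not is_unicast(dst):
            continue
        ingress.add(src)   # frame entered the switch on src's port (RX)
        egress.add(dst)    # frame left the switch on dst's port (TX)
        pairs.append({src, dst})
    # A host that is an endpoint of every unicast frame suggests that only
    # its port is being mirrored (port-to-port), not the whole VLAN.
    common = set.intersection(*pairs) if pairs else set()
    return {
        "no_rx": sorted(expected - ingress),
        "no_tx": sorted(expected - egress),
        "single_port_suspects": sorted(common & expected),
    }


# Constructed sample data: four hosts in the monitored VLAN.
A, B, C, D = ("02:00:00:00:00:0%d" % i for i in range(1, 5))
BCAST = "ff:ff:ff:ff:ff:ff"

# Capture consistent with mirroring only host A's port.
PORT_MIRROR = [(A, B), (B, A), (A, C), (C, A), (D, BCAST)]
# Capture consistent with VLAN-wide, bidirectional mirroring.
VLAN_MIRROR = [(A, B), (B, A), (C, D), (D, C), (D, BCAST)]

if __name__ == "__main__":
    for name, cap in (("port", PORT_MIRROR), ("vlan", VLAN_MIRROR)):
        print(name, mirror_coverage(cap, [A, B, C, D]))
```

Hosts listed under `no_rx` or `no_tx` may simply have been idle during the capture; a non-empty `single_port_suspects` list is the stronger sign that only one port is being mirrored.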
 

Author Comment

by:Derekleu
ID: 17036712
Points!

Thanks for the assist, guys; it seems that the Cisco 2960 it is.
