Solved

I need a 48 port gigabit switch capable of VSPAN, ASAP.

Posted on 2006-07-03
Last Modified: 2008-02-26
We've had very suspicious activity internally, and I currently have a 3Com baseline switch with no monitoring capabilities.

I have a few Cisco 2950's, but they can only SPAN on a single port at a time.

What I need is a 48+ port gigabit switch that will let me span on the entire VLAN at once, and I need to order it yesterday!
Question by:Derekleu
11 Comments
 
LVL 5

Expert Comment

by:NAORC
ID: 17030585
Netgear GSM7248

Product Link: http://www.broadbandbuyer.co.uk/Shop/ShopDetail.asp?ProductID=2660
                    http://www.novatech.co.uk/novatech/specpage.html?NGR-GSM724

Netgear website link: http://www.netgear.com/products/details/GSM7248.php

For some reason they don't have very good reviews on the web, but I have several of them in use and I think they're brilliant!
0
 

Author Comment

by:Derekleu
ID: 17030637
GSM7248, I am about to place this order, you are sure this will let me mirror 47 ports into 1 so I can attach a PC with IDS software on it?

0
 
LVL 5

Expert Comment

by:NAORC
ID: 17030644
5 mins... on hold to netgear as we speak to confirm it.
0
 
LVL 5

Expert Comment

by:NAORC
ID: 17030723
Netgear have just confirmed that the switch does allow that, but when you receive the switch you will need to upgrade the firmware before use.

If the switches do not do this, then I am sorry, but I am just passing on the information that the product manufacturer gave to me.
0
 
LVL 14

Expert Comment

by:ECNSSMT
ID: 17030948
I got the 24 port Gigabit version GS724T at home (the GSM version is supposed to have better management capabilities and a console port if I remember correctly) and use it with Ethereal to do port monitoring on those special occasions, so yes. I'm kinda surprised about the upgrade of the firmware comment though.

I am surprised that you are not looking for a Cisco solution like a module NMI if you have something like a 6509.

Also if you are installing HIDS clients on suspect devices, they should forward regardless of the capabilities of the switch.

Regards,  
0
 

Author Comment

by:Derekleu
ID: 17032414
I called Netgear, they told me the GSM7248 only supports port to port mirroring, and that the GSM7352S is the only one that can do VLAN to port mirroring.

They also told me that there is a planned firmware by which the GSM7248 will be able to do VLAN mirroring.

I had not planned on deploying HIDS, my users are very very picky and I have not seen an unintrusive Windows-based solution.
0
 
LVL 14

Expert Comment

by:ECNSSMT
ID: 17033022
OK if that's the official word from Netgear <grin>.  I've spent the last hour looking at the Netgear website to see if I could find wording that could parallel the GS724T config page without success.  


*******************************************************************************                      
Monitor
This page allows you to configure any port's incoming and/or outgoing traffic to be mirrored to a pre-defined sniffer port.

Sniffer Mode:

Disable - disable port mirroring globally.

RX - mirroring only the ingress traffic to the designated source ports.

TX - mirroring only the egress traffic to the designated source ports.

Both - mirroring both incoming and outgoing traffic on the designated source ports.


Sniffer Port: Select from 1 to 24 ports .

Source Ports: Select any number of ports to be monitored (mirrored). The ports can not be the Sniffer port.
*************************************************************************************
This is the version of the firmware I got...

Product Name  GS724T  
Firmware Version  V1.0.0_0429  
Protocol Version  2.001.002  


Again, I'm surprised by the information that is presented.

oh well...
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 17033071
Not sure what your budget is but the Cisco 2960 will do what you are looking for.

WS-C2960G-48TC-L

http://www.cisco.com/en/US/products/ps6406/index.html
0
 

Author Comment

by:Derekleu
ID: 17033291
ECNSSMT: Strange, very strange. Netgear engineer told me that I absolutely could not mirror more than one port, and that it was a possibility in the next firmware. Maybe the difference lies between the 24 and 48 port parts.

JFrederick29: I am looking into that Cisco part. Are you absolutely sure it supports bi-directional VSPAN?
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 50 total points
ID: 17033329
From this: (http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805fde07.html#wp1199491)

Source VLANs
 
VLAN-based SPAN (VSPAN) is the monitoring of the network traffic in one or more VLANs. The SPAN or RSPAN source interface in VSPAN is a VLAN ID, and traffic is monitored on all the ports for that VLAN.

VSPAN has these characteristics:

• All active ports in the source VLAN are included as source ports and can be monitored in either or both directions.
0
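The VSPAN behaviour quoted in the accepted answer, as an added Cisco IOS configuration example that is not part of the original thread. VLAN 10 as the monitored VLAN and GigabitEthernet0/48 as the port for the IDS sensor are assumed values.

```cisco
! Added example: VLAN 10 and Gi0/48 are assumptions, substitute your own.
configure terminal
!
! Clear any earlier definition of session 1 before rebuilding it.
no monitor session 1
!
! VSPAN source: the source is a VLAN ID, so every active port in
! VLAN 10 is mirrored. "both" copies received and transmitted frames.
monitor session 1 source vlan 10 both
!
! Destination: the port the IDS sensor's capture interface plugs into.
! While it is a SPAN destination, this port carries only mirrored
! traffic and does not forward normal traffic.
monitor session 1 destination interface GigabitEthernet0/48
!
end
!
! Confirm the source VLAN, direction and destination port.
show monitor session 1
```

A single gigabit destination port can carry at most 1 Gb/s, so if the combined traffic of the monitored VLAN exceeds that, the excess mirrored frames are dropped and the IDS sees only part of the traffic.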
 

Author Comment

by:Derekleu
ID: 17036712
Points!

Thanks for the assist guys, it seems that the Cisco 2960 it is.

0

Question has a verified solution.