Re: Looking for switch recommendations ...

From: Wes Peters (wes_at_softweyr.com)
Date: 03/31/04

    To: Steven Stremciuc <steve@freeslacker.net>, freebsd-net@freebsd.org
    Date: Tue, 30 Mar 2004 14:06:05 -0800
    
    

    On Sunday 28 March 2004 11:37 pm, Steven Stremciuc wrote:
    > Has anyone tested port mirroring on these switches (2524) and run into
    > any problems? Many people seem to recommend these ProCurve switches here
    > and so far they seem like a great buy (only one I saw that cheap that
    > does 802.1x). I'm also looking for a managed switch (probably something
    > off ebay) and would like to find something that does port mirroring
    > nicely as I'd like to play with that in the future. I saw Dell's
    > Powerconnect 3348 has some problems with port mirroring and am trying to
    > avoid getting a switch where the feature is listed as supported but
    > doesn't work as expected.
    >
    > Info about the 3348's problems:
    > http://forums.us.dell.com/supportforums/board/message?board.id=pc_managed&message.id=1425

    Every switch that does port mirroring probably has some problems related to
    port mirroring, because mirroring typically cannot be done in hardware. If
    nothing else, you can expect some degraded performance on the port(s) being
    mirrored and on the port doing the mirroring, because the packets have to
    be fondled by the CPU before they can be switched. Even with a really fast
    processor, this will increase the latency a bit.

    In a multi-slot switch like the ProCurve 4000M, you probably want to mirror
    to a port on the same switch blade. This certainly helped with the latency
    in the Xylan chassis. Smaller switches like the 2500 series are *probably*
    implemented as a slot-based architecture with all of the slots on one
    board, so it may be advantageous to have the mirror ports in the same group
    of 8. Without knowing the architecture more closely, it would be hard to
    say for sure.

    The guy who posted the message in the Dell forum you linked above sounds
    like he has no idea what he's doing. It's not possible to use a switch
    port mirroring function to monitor a switch without a strong knowledge of
    network configuration. The fact that he's getting only packets bearing the
    IP address of the other NIC in his XP box doesn't lead me to believe he has
    that knowledge.

    -- 
             "Where am I, and what am I doing in this handbasket?"
    Wes Peters                                              wes@softweyr.com
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
    
