auditing traffic inside a vlan

Unanswered Question
Jan 7th, 2008
User Badges:

Hello. I want to audit traffic inside of a vlan so it will tell me when one host communicates to another host and what protocol it used without configuring spans on every port and putting a sniffer there.


I was thinking maybe I could log on a mac access-list but I can't


Switch(config-ext-macl)#permit any any ?

<0-65535> An arbitrary EtherType in decimal, hex, or octal

aarp EtherType: AppleTalk ARP

amber EtherType: DEC-Amber

appletalk EtherType: AppleTalk/EtherTalk

cos CoS value

dec-spanning EtherType: DEC-Spanning-Tree

decnet-iv EtherType: DECnet Phase IV

diagnostic EtherType: DEC-Diagnostic

dsm EtherType: DEC-DSM

etype-6000 EtherType: 0x6000

etype-8042 EtherType: 0x8042

lat EtherType: DEC-LAT

lavc-sca EtherType: DEC-LAVC-SCA

lsap LSAP value

mop-console EtherType: DEC-MOP Remote Console

mop-dump EtherType: DEC-MOP Dump

msdos EtherType: DEC-MSDOS

mumps EtherType: DEC-MUMPS

netbios EtherType: DEC-NETBIOS

vines-echo EtherType: VINES Echo

vines-ip EtherType: VINES IP

xns-idp EtherType: XNS IDP

<cr>


Or


I could configure a vlan access-map with a ACL that logged but I can't


Switch(config-access-map)#match ip add 104

% Logging ACLs are not supported.


Is there anyway to do this?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
chschroe Mon, 01/07/2008 - 20:31
User Badges:

I couldn't possibly imagine a way to do that.


The device does build tables of what mac addresses are out what interfaces, but that is about it... tracking all L2 flows would be very, very stressful to say the least.


What sort of platform is it?


NS

Actions

This Discussion