SPANing multiple ports

A11055
Level 1

I currently have a hub for our DMZ and I wanted to VLAN off some servers that have no reason to communicate. But we also need to monitor (IDS) all traffic within the DMZ. How could I achieve this - SPAN multiple ports, trunking, or please suggest any other method and requirements to accomplish this. Thanks

3 Replies

t.baranski
Level 4

Did you mean switch instead of hub? You don't see multiple VLANs in a DMZ all that often because each VLAN requires its own subnet. The methods I've used on Cisco switches are PVLANs (if your switch supports it), the "protected port" feature, and access lists applied to individual switch ports.

You can, however, generally SPAN multiple VLANs to a single port if you choose to go that route.
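As an added illustration of the "SPAN multiple VLANs to a single port" suggestion above (this is not part of t.baranski's reply and not taken from any Cisco document): a Catalyst IOS SPAN session that mirrors several DMZ VLANs to the port where the IDS sensor is attached. The VLAN numbers, the interface numbers and the assumption that the sensor sits on FastEthernet0/24 are all invented for the example.

```cisco
! Added example: mirror DMZ VLANs 10 through 14 to the IDS port.
! VLAN and interface numbers are assumed, not from the thread.
!
! Clear any stale session first so the new source list is the only one.
no monitor session 1
!
! VLAN-based SPAN (VSPAN): every port in these VLANs becomes a source.
! "both" would copy ingress and egress; on a VLAN source that can hand the
! sensor the same frame twice (once entering the VLAN, once leaving it),
! so "rx" is used here to avoid double counting.
monitor session 1 source vlan 10 - 14 rx
!
! The sensor port. A SPAN destination stops forwarding normal traffic,
! so nothing else can share this port.
monitor session 1 destination interface FastEthernet0/24
!
! Verify what is being mirrored.
show monitor session 1
```

Two practical checks: a single session can be port-based or VLAN-based but, on the lower-end Catalyst platforms, not both at once, so if the firewall uplink is on a different VLAN it needs its own session; and if the DMZ ends up as one VLAN with protected ports rather than five VLANs, a single `source vlan` entry already covers every server, which is simpler to keep in sync as ports are added.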

Thanks for the response. I did mean hub and don't know if this is the best solution to protect my DMZ. It sounds like your suggestion would be much simpler than having 5 VLANs with 5 different subnets. Do you have any sample configs or documentation on PVLANs and the "protected port" feature?

The reason I asked if you meant hub or switch is because the features you mentioned are specific to switches. PVLANs and protected ports are specific to Cisco switches, in fact, though similar features may exist in other implementations.

A good article on securing DMZs and PVLANs is here: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml. You can find more on configuring this stuff in a given switch's documentation (e.g., protected port information is at http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008014f36b.html#1029319 for Cat3550s). Note that protected ports are essentially a cut-down version of PVLANs for some of the lower-end members of Cisco's switch product line.
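The two isolation features named in the reply above, shown side by side as an added example (not the poster's configuration and not copied from the linked Cisco documents): the first half uses protected ports on a single DMZ VLAN, which is what a Catalyst 2950/3550 offers; the second half is the equivalent private-VLAN setup on a switch that supports PVLANs. VLAN IDs, interface numbers and the choice of which port carries the firewall are assumptions made for the example.

```cisco
! ----- Part 1: protected ports, one DMZ VLAN (Catalyst 2950/3550 style) -----
! Server ports: a protected port never forwards unicast, multicast or
! broadcast frames to another protected port on the same switch.
! Interface and VLAN numbers are assumed.
interface range FastEthernet0/1 - 5
 switchport mode access
 switchport access vlan 10
 switchport protected
 spanning-tree portfast
!
! Firewall (default gateway) port stays unprotected, so every server can
! still reach it, and through it the rest of the network.
interface FastEthernet0/23
 switchport mode access
 switchport access vlan 10
!
! Confirm the flag on a server port ("Protected: true").
show interfaces FastEthernet0/1 switchport | include Protected
!
! ----- Part 2: the same isolation with private VLANs (PVLAN-capable IOS) -----
! PVLANs require VTP transparent mode on the switch.
vtp mode transparent
!
! Secondary (isolated) VLAN: hosts in it cannot talk to each other.
vlan 201
 private-vlan isolated
!
! Primary VLAN that the isolated VLAN is bound to.
vlan 200
 private-vlan primary
 private-vlan association 201
!
! Server ports become isolated host ports.
interface range GigabitEthernet0/1 - 5
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
!
! Firewall port is promiscuous: it may talk to every host in 200/201.
interface GigabitEthernet0/23
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
!
! Verify the mapping and port roles.
show vlan private-vlan
```

The difference that matters for a DMZ is scope: `switchport protected` only isolates ports on the same switch, so two protected ports on different switches joined by a trunk can still reach each other, whereas the isolated VLAN tag follows the frames across trunks. In both designs the firewall still sees every server, so a host that sends traffic for a neighbour's address to the gateway (proxy ARP, or simply routing to the subnet it is already on) can be relayed back into the DMZ; the usual mitigation is an access list on the firewall or router interface that denies traffic whose source and destination are both in the DMZ subnet.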