
Catalyst 6500 Firewall Service Module - Span Port Config


4 replies to this topic

#1 rpotterf

rpotterf
  • Members
  • 5 posts

Posted 05 August 2008 - 04:08 PM

I've got some issues running in listen only mode. I've got a span port created on my Catalyst 6500 Firewall Service Module but don't seem to be able to log any traffic with the cuda. I've sniffed the port with Wireshark but can't seem to see any AIM traffic that I generate. Anyone running a similar config on a FWSM?

#2 rpotterf

rpotterf
  • Members
  • 5 posts

Posted 08 August 2008 - 09:53 AM

I was able to use Wireshark to verify that I'm indeed seeing IM traffic on my span port. Anyone else successfully running an IMcuda in listen only mode?

#3 pejacoby

pejacoby
  • Members
  • 1,822 posts

Posted 05 November 2008 - 05:02 PM

Has anyone else implemented their IM Box in SPAN mode? I'm currently running in "Standard" mode, using only the Barracuda IM Client. However, based on the removal of the 3rd party transport file transfer capabilities, I'm leaning toward changing my setup to SPAN so I can use the Logging & Monitoring capabilities for the public client traffic.

From the docs, it seems that all I need to do is have my network team reconfigure the port I am plugged into as a SPAN, and make sure all traffic to the internet gets spanned to the IM box. I should, if I'm reading correctly, be able to continue to use the Barracuda Client in this mode.

I'd be interested in other experiences running this way.

#4 pejacoby

pejacoby
  • Members
  • 1,822 posts

Posted 11 November 2008 - 04:53 PM

I talked to Support and got clarification on the SPAN setup.

- Acquire a new IP address that will be used for the Monitor port.
- Retain your old IP address for use on the back port.
- Configure a switch to SPAN all outbound traffic to a port.

Change your configuration in this order via the Web interface:

1. Assign your NEW IP address to the LAN port by changing Basic -> IP Configuration.
   1a. When you save changes, you will be disconnected.
2. Reconnect to the box with your browser on the new IP.
3. Enable the BACK port under Advanced -> Advanced IP Config.
   3a. Set the "Use back port?" radio button to YES.
   3b. Assign your OLD IP address and subnet mask to the back port.
   3c. When you save changes, you will be disconnected.
4. On the IM box, move the cable plugged into the front LAN port to the Back port.
5. Plug a cable from your newly spanned switch port into the front LAN port.
6. You should now be able to reconnect to the IM Box via the OLD IP address, and do all of your usual Administrative tasks.

Your main screen and message log should now show activity from 3rd party clients, and complete chat sessions between users.

In this mode you are not able to BLOCK traffic.
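The switch side of the step "Configure a switch to SPAN all outbound traffic to a port" is not spelled out in the thread. The following is an added example (not from the thread, Barracuda, or Cisco documentation) of a local SPAN session on a Catalyst 6500 running IOS; the interface names are placeholders and the uplink/appliance port assignment is assumed.

```cisco
! Added example: mirror the internet-facing uplink (assumed GigabitEthernet1/1)
! to the switch port where the IM box's front LAN port is plugged in
! (assumed GigabitEthernet1/2). "both" mirrors ingress and egress so the
! appliance can log complete chat sessions, not just the outbound half.
monitor session 1 source interface GigabitEthernet1/1 both
monitor session 1 destination interface GigabitEthernet1/2

! Confirm the session is active and the source/destination are as intended
! before moving cables on the IM box.
show monitor session 1
```

A SPAN destination port only receives mirrored frames and does not carry the appliance's own traffic, which is why the procedure above keeps management on the separate back port with the old IP address.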

#5 pejacoby

pejacoby
  • Members
  • 1,822 posts

Posted 14 November 2008 - 02:59 PM

Another follow-up to my own post.

I have found (and confirmed with Support) that the Listen mode currently only monitors and logs the Yahoo Messenger client. The box is currently incompatible with the latest MSN client traffic, and also cannot seem to see AIM client traffic because AIM chats are now encrypted.

So much for monitoring and logging functionality... hopefully the next firmware will fix some of this, otherwise it is time to revise the marketing literature! In its current state the box does not do what the marketing pages say: "Installing in minutes, it can easily and completely identify and manage both internal and public IM traffic within your organization."