Wednesday 7 November 2012

Cisco Switches- Configure Port Mirrors

The port mirror in cisco is easy as a piece of cake :)
What you have to do is to check whether the port mirroring is supported in your type of switch or not

Solution 1:

Monitoring the Interface:

Configure a mirror on port 2 like this.
ABC_Switch(config)# monitor session 1 source interface Fa0/2 both
ABC_Switch(config)# monitor session 1 destination interface Fa0/9
both refers to in and out.
Cisco also allows you to specify multiple sources to a single port or a single source to multiple destinations.
ABC_Switch(config)# monitor session 2 source interface Fa0/2 both
ABC_Switch(config)# monitor session 2 destination interface Fa0/11
ABC_Switch(config)# monitor session 2 destination interface Fa0/12



Monitoring the Vlan:

Cisco switches also allows you to create a vlan mirror that extracts traffic from the entire vlan or vlans and sends it to a destination port for monitoring.
ABC_Switch(config)# monitor session 1 source vlan 12 rx
ABC_Switch(config)# monitor session 1 destination interface Gi1/1
Specifying both in the source command would create duplicate packets as packets go in and out of the vlan, so only specify receive or transmit with the tx or rx

Commands to Remember:

ABC_Switch>show monitor 
Mirrors can be disabled two ways:
Disabling the monitor session:
ABC_Switch(config)# no monitor session 1
This command will only remove session 1.
ABC_Switch(config)# no monitor
The no monitor command will remove all monitors on the switch.


Solution 2:

ABC_Switch> enable
ABC_Switch# configure terminal
ABC_Switch(config)#
Choose which interface you want your traffic mirrored to. Remember in case of vlan mirroring the interface must be in the same vlan.
e.g if we want to mirror the traffic to the destination fa 0/19

ABC_Switch(config)#int fa0/19

For mirroring the interface:

ABC_Switch(config-if)#port monitor fa0/2


For mirroring the multiple interfaces:
ABC_Switch(config-if)#port monitor fa0/2
ABC_Switch(config-if)#port monitor fa0/3
ABC_Switch(config-if)#port monitor fa0/4

For mirroring the Vlan:
ABC_Switch(config-if)#port monitor Vlan80

* In all cases do remember to save the configurations.
ABC_Switch# wr
Type "wr" to save your current running configuration as your startup config so you don't lose all your changes made after a reboot. 
Posted by at No comments:

Saturday 29 September 2012

Intrusion Detection and Prevention Systems


Intrusion Detection and Prevention Systems

Security in network remains the dilemma all around the globe. Network personnel are most irritated by the Security breach in their organization either internally or by the culprit in the cloud.

So first of all gaining enough knowledge on what does intrusion refers to in Computer Networks.

Introduction:

Intrusion refers to un-authorized entrance in the network without being noticed by network administrators.
Intrusion can cause stealing of information, alteration or even monitoring of information can cause series threat to the Network Systems.
The intrusion can also results in all kinds of attacks of the security of network.

Although, its true said that 
"If you wanna know how not secure you are, just take a look around. Nothing's secure. Nothing's safe..."
but precautions does matters =)

Intrusion Prevention and Detection Mechanism:

Intrusion Prevention Mechanism can provide maximum safety to this threat and can save your network from some of the threats to be precise.

The purpose of IPS is to prevent the attacks on security, they can only be achieved if and only if the Intrusion is detected and the source is caught so in my whole blog i will be talking on both Intrusion Prevention as well as detection on the same and use IPS for both.

The IPS can performs:

Identifying security policy : It audits the security policies and if there is a loop hole in the policy it identifies it and notifies too.

Documenting the existing threat to an organization: If founds the treat then reports the threat for research and development and for profile development (it will be covered in the later posts soon).

Deterring individuals from violating security policies: IPS refrains the culprits not to intrude in the IPS monitored network since all the activities are being recorded .

Posted by at No comments:

Saturday 4 August 2012

Discussion Area




Discussion Area:





Here you can create threads of comments regarding your queries and solution are also posted here as comments....
 
Posted by at No comments:

"Network Solutions" solvnet.blogspot.com




Hi Everyone,

Wandering around the internet for finding the solutions is almost a headache to be precise. In order to make the solutions related to Networks Problems all available under the single roof, this blog is a small initiative.

Here you can post your queries and you can also ask for suggestions too. This blog is open to all the professionals and the users related to networks.


Blog admin takes no responsibility regarding any misuse.

Posted by at
Subscribe to: Posts (Atom)