SPAN port questions

Cyberrad

I am looking to implement an IDS on my network and require a SPAN port to accomplish my goal. My understanding is that managed switches are the only switches that have SPAN ports on them. This leads me to a few questions:

  1. Where can I find a decent deal on a managed 24 port Gigabyte switch?
  2. What brands in the managed switch world are good? (I know Cisco but that is a little pricey for home use)
  3. If I want to monitor more than 24 ports, will I have to have a larger switch, or can I use another switch along with the managed switch and still be able to see all traffic on my network? Router -> Managed Switch -> Switch
  4. Am I totally off track with my thinking of how to implement this?
 
Dell makes switches that'll do a single SPAN session. They are pretty cheap (at least compared to an enterprise-class switch, like a Cisco). I've also heard good things about the HP ProCurves, but have no first-hand experience with them.

You'll likely not be able to monitor 24 ports; likely you'd monitor the port between your router and the switch, thereby seeing all internet-based traffic.
 
Thinking about it a little more, that is all I really need to monitor. That brings my requirements down for a switch. So you would just span the port that the router is connected to, to the SPAN port?
 
Let's say you have a 24 port switch and the router is connected to fa0/1 on the switch. You then have a machine (physical) that's connected to fa0/10. You'd span fa0/1 to fa0/10 so all traffic going to fa0/1 will mirror to fa0/10.
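
A sensor-side check for the setup described above, as an added example that is not part of the original thread: it reads a capture taken on the monitoring machine and confirms that unicast frames to and from the router arrive in both directions, which a machine on an ordinary switch port would not see. The MAC addresses and sample captures are constructed, and the function names are hypothetical.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def build_pcap(frames):
    """Pack raw Ethernet frames into a little-endian pcap byte string (linktype 1)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_frames(pcap):
    """Yield each captured frame from a little-endian classic pcap."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        yield pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len

def check_mirror(pcap, sensor_mac, router_mac):
    """Count frames that only a working mirror of the router port would deliver."""
    stats = {"flooded": 0, "own": 0, "to_router": 0, "from_router": 0, "other": 0}
    for frame in read_frames(pcap):
        if len(frame) < 14:
            continue  # shorter than an Ethernet header
        dst, src = frame[0:6], frame[6:12]
        if dst[0] & 1:
            stats["flooded"] += 1      # broadcast/multicast reaches every port anyway
        elif sensor_mac in (dst, src):
            stats["own"] += 1          # the sensor's own conversations
        elif dst == router_mac:
            stats["to_router"] += 1
        elif src == router_mac:
            stats["from_router"] += 1
        else:
            stats["other"] += 1
    # Both directions must be present, otherwise the IDS sees half of each flow.
    stats["mirror_ok"] = stats["to_router"] > 0 and stats["from_router"] > 0
    return stats

# Constructed sample data: locally administered MACs, not taken from the thread.
ROUTER, SENSOR, HOST = (bytes.fromhex("0200000000" + x) for x in ("01", "0a", "14"))

def eth(dst, src):
    return dst + src + b"\x08\x00" + bytes(46)  # minimal IPv4-typed frame, zero payload

MIRRORED = build_pcap([eth(ROUTER, HOST), eth(HOST, ROUTER), eth(b"\xff" * 6, HOST)])
UNMIRRORED = build_pcap([eth(b"\xff" * 6, HOST), eth(SENSOR, HOST)])
```

A capture with `mirror_ok` false but a non-zero count in one direction points to a mirror session that copies only received or only transmitted traffic.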
 
Thanks... That is what I thought.

I have been looking at a few of the Dells on fleabay. They also have some Netgear switches. Anyone familiar with their managed switches?
 
I've never used Netgear managed switches, but I don't know of anyone in the industry that would recommend them for a business class switch.

HP ProCurves are on par with Cisco in terms of performance and reliability, but they don't have as many features. I've heard good things about Dell switches for the cheap route, but haven't used any personally.
 
The Linksys SRW208 (apparently now the Cisco SRW208) is a pretty cheap managed switch that will do port mirroring. I've never used the port mirroring feature of the switch, but I wouldn't think that it wouldn't work. It is an 8 port switch, but if you only need stuff to/from the internet, it should fit in nicely.
 
Ahh, never mind on that SRW208 if you need it to be gigabit. It looks like the SLM2008 is about $100 and will do port mirroring. I can't vouch for it at all, I just found it on Newegg.
 
NetGear switches suck, plain and simple. I've torn out so many of those switches it's not funny. At one client I tore out a stack of their gigabit switches and replaced with 10/100 Cisco 3750s and their network performance IMPROVED. I would take a 3Com over a NetGear and I hate 3Com.

My advice would be to buy a used Cisco switch off fleabay. You can probably get a decent 3524XL for $80.
 