Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Inserting a dumb hub between the firewall and switch? 1

Status
Not open for further replies.
achilleus

achilleus

IS-IT--Management
Oct 3, 2001
351
US
Hi all...Thanks in advance for any help you can offer...

I am using CheckPoint FW NG and I also want to start using SurfControl for website monitoring...My question is that I need to place the SurfControl machine in such a position that it can listen to all the packets passing out of the network; as we use NAT, I need to place it between the firewall and the office switch; if I stick a dumb hub between the firewall and office switch, will I loose much performance?...

I thought of putting it between the firewall and router, but as the office hides behind a static NAT address, I couldnt tell who was going where...

Thanks again! AJ
SA
HS
 
Sort by date Sort by votes
Ok, well configured you should not be limiting your bandwidth up to T1 speeds, the slowest ethernet is 10 meg.

the firewall and the router should expect half duplex, the hub can be 100 meg if all 3 devices can go 100 meg, otherwise 10 meg is fine for up to T1 (1.5 meg)

the Surf control box should mostly be watching packets not adding them.

another option is a protocol my switch vendor (nortel) calls Port Mirroring, where all I/O to and /or from one port of the switch is mirrored to a second port, there would be no downside to port mirroring at all. I tried to remain child-like, all I acheived was childish.
 
Upvote 0 Downvote
Thanks for the info jimbopalmer! It sounds like the port mirroring option would be perfect. I have to find out if my hp procurve switch 4000m supports this feature. Would be perfect for this.

I'll let you know what I find. AJ
SA
HS
 
Upvote 0 Downvote
I went on the HP site and got a manual in pdf, it describes "Network Monitoring Port " as being what Notel calls Port Mirroring and says the 4000M has one!


ftp://ftp.hp.com/pub/networking/software/59692320.pdf

Chapter 6 page 34 in the manual, page 110 in the PDF I tried to remain child-like, all I acheived was childish.
 
Upvote 0 Downvote
You are my hero. Really. Thank you so much! AJ
SA
HS
 
Upvote 0 Downvote
Just a short comment about using 10 Mbit hubs.

Running anything other then Full-Duplex can give you a lot of "funny" problems that sometimes can be very difficult to find.

Using a mirror port is the right way to go. That is also what we do in our installation.

We have ISS on a port on the outside switch on a mirror port on an Extreme Summit24 switch and another mirror port on the inside on an Extreme BlackDiamond switch.

/johnny
 
Upvote 0 Downvote
It seems to work very well (the mirroring)...The only issue I am seeing is that it only seems to see the traffic from the one switch and not all three (I have three HP ProCurve switches; with one setup as master)...The mirroring is set up on the master, but only sees the traffic from the one switch...

AJ
SA
HS
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Wajdi Zghal
  • Locked
  • Question
Sipp between 2 VM
Replies
0
Views
490
Wajdi Zghal
Wajdi Zghal
Zebad
  • Locked
  • Question
TFTP interference from another host (Windows Server , VxWorks Client)
Replies
0
Views
604
Zebad
Zebad
robocat
  • Locked
  • Question
Yet another TCP RST flag problem
Replies
0
Views
536
robocat
robocat
jmarkus
  • Locked
  • Question
Can I have a different private IP address which isn't on my router's subnet?
Replies
6
Views
630
sbcsu
sbcsu
Vedant Gonnade
  • Locked
  • Question
How to send a string (generated by camera) to computer
Replies
0
Views
504
Vedant Gonnade
Vedant Gonnade

Part and Inventory Search

Sponsor

Back
Top