Smart Switch How To Series

[ymboc]

Re: Mirroring to Sniff

The last time I used port mirroring to mirror traffic to a network monitoring / intrusion detecting machine, it had such a negative impact on the switch's performance that it had to had to be turned off and we had to invest in a network tap instead.

Could you quantify the performance penalty incurred when turning on port mirroring in Part 2 of your article?

Thanks

[thiggins]

Quote:

Originally Posted by ymboc

Could you quantify the performance penalty incurred when turning on port mirroring in Part 2 of your article?

I'll give it a shot.

I've considered making the jump to Smart switches, and your article with two suggested 8 port switches at a great price point finally convinced me. I've always regarded Cisco / Linksys as a more reliable product manufacturer than Netgear, though the reviews I'm finding for the two models you are testing suggest the opposite. Does the Cisco SLM2008 really have such a high failure rate over time?

[Mr. Chenevert]

Could you spend some time explaining port trunking?

I have a need to bridge two switches together, and would like to use more than one port to connect the two... as the bridge is the current bottleneck of the network.

[thiggins]

I may touch on it in part 3. Not much to it, however. Just need two switches that support LAG (link aggregation groups), set a LAG up on both switches and connect the ports. 802.3ad is usually the way to go.

[wpns]

In your article you mentioned that you won't get separate subnets, as your DHCP server will only hand out addresses from a single subnet.

If devices are not on the same VLAN as the DHCP server, will they even get an IP address?

I've got some Linksys SRW and SLM switches in a network, and I'd like to implement VLANs properly, but I'm stuck on how to allow only the appropriate communications between VLANs. [I can have my phones only talk to my PBX, but then my PBX can't get to the Internet, for instance.] I'm currently using external routers to connect the VLANs together, but that takes up extra ports, and there has to be a better way (doesn't there?).

I'm also less than impressed by MAC address filtering, all someone has to do is determine the MAC address of the authorized device and clone it into their laptop, and they are in.

There's a rare failure mode of the SRW switches that resets them to factory defaults, which means suddenly everything's on the same VLAN, and everyone can see everything.

I have a netgear "dumb" switch gs105. I need more ports, so I've been thinking to go to an 8 port. I'm now considering going to the gs108t because of this article, but I'm curious if it'll fix my biggest problem with my gs105 - connecting at 100/full instead of gigabit.

I've got two computers plugged directly to the switch using 10 and 7 foot cat6 cables - these tend to auto-negotiate to 100/full instead of gigabit which is REALLY annoying. Would you think that the "Smart" switches would fix this - can it be set to force gigabit? The article sais "The Port Speed control can be set to 100M, 10M, Auto and Disable." which tends to make me think that it cannot be forced to gigabit, but do you think this switch would do better than my gs105, or should I be looking somewhere else to fix this issue?

Thanks,
Joel

[thiggins]

You're right there is no setting to force a gigabit connection in the GS108T.
Have you tried upgrading the NIC drivers? What kind of NIC(s) do you have the problem with?

I have a SLM2008. Could you please provide a short reply how I can have one port on my switch configured/reserved for port mirorring and another which would probably belong to a different VLAN so it only gets internet but is unable to touch any other machine on my network (I'd use that one when I get computers that need to be cleaned of malware).

Excellent series!

[Mr. Chenevert]

Just wanted to pass along some Kudo's. Articles such as this are the primary reason I visit this site as often as I do.

Keep up the good work.