Directing all traffic transparently to a device

[tricksy2002]

Hi,

I have a 'collector' device that has 2 nic cards in it. This device acts like a PC. It has a single IP address. It is a box that collects everything that goes out to my wan. The switch is a 6500 with the MSFC card. This switch connects to my WAN router. I need to send all the traffic going through my switch to pass thru 1 port and come back to the other port and back to the switch and go on to its merry way. I dont care if traffic coming back goes thru this collector or not.
Any assitance would be greatly appreciated since I am at a loss. I was playing with Private VLANs but no luck either.Thanks in advance.

 

[jgercken]

Collect the packets with a VACL
First define the port to receive the packets:
set security acl capture-port <port incoming nic is on>

Next define the access-list that will match the packets:
set security acl ip listviolators deny ip <outgoing IP> any
set security acl ip listviolators permit ip any any capture
commit security acl all

Finally activate the list on the source vlan(s):
set security acl map listviolators <vlan(s)>

You may have to modify the list if you don't want intra-switch traffic to be captured & filtered. Note, this will screw with the upstream switch's CAM/MLS tables since all the traffic coming from that switch's source MAC will be that of your outgoing NIC. You may exlude arp traffic from the list which, is helpful to prevent IP addressing issues and would populate the tables properly. What a neat/unusual setup!

-Jeff ----------------------------------------
Wassabi Pop Tarts! Write Kellogs today!