-
January 28th, 2005, 10:36 PM
#11
Why does traffic from the WAN port HAVE to also show on the LAN port?
Take this scenario, which is a dumbed down version of what I'm looking for.
Main site
Remote site 1
Remote site 2
Remote site 3
If remote site 3 needs to get to main site, and it is not directly connected, then it must route through site 2 or site 1 to get to main site. So, if site 3 is routing through site 2 to get to main site, why would you see traffic on the LAN port of site 2? You'd only see that traffic on site 2's WAN port... correct?
The router does have a management console. There is every freaking option you can think of in there... except to show active connections. This is a motorola vanguard router. There are no books out there on vanguard routers. The manuals SUCK!
I can't wait till I'm working with Ciscos... I hate motorola with a passion.
I understand what you are saying about listening to traffic on the outside of the CSU.
I kind of figured it'd be pointless... but I wasn't sure.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
January 28th, 2005, 11:25 PM
#12
Why does traffic from the WAN port HAVE to also show on the LAN port?
It doesn't.... If you apply ACL's at the router then traffic coming to the WAN port may be utterly different from the traffic passing over the LAN port..... You would have filtered out any crap that you didn't want to see.... Your problem is that you want to see things that your router may either drop because of ACL's or because it drops through protocol or whatever. Unless you can find a way to syslog, (or whatever), the debug(?) logs of the router then you will never know what is being directed at it..... But then, on the bright side, why would you care? Unless it exploits the router, which is rare and usually only results in a DoS which you should recognize fairly quickly, then there isn't that much of a problem. Exploiting the router for reasons other than DoS is extremely difficult and the results are pretty limited historically....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
February 2nd, 2005, 06:21 PM
#13
I hate motorola with a passion.
DUDE! Me too. You have Vanguards? They were very cheap and many people used them when CISCO was high on the hog charging 10 times the amount. I have 2 still in production. I hate having to do anything with them and good luck working out complicated issues due to lack of documentation. You could make a case that you are a risk from failure and swap them out. I have just been lazy. Although I have a CISCO to replace it I bought on ebay.
When I said any traffic on the T1 link would be on the LAN port I was thinking in terms that each T1 link had a separate LAN port. They are just a bridge really and anything that would be destined for Layer 2 would appear there on the LAN port in terms of management. Tiger is correct that an ACL will filter traffic destined to the LAN port. But you can access that LAN port and see what is on the WAN interface through the LAN port... because it's already been converted to a higher level. But you wouldn't be able to sniff the actual interface, just maybe a few errors or something?
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.