On Jan 5, 4:33 am, JF Mezei <jfmezei.spam...@vaxination.ca> wrote:
> I have an ancient 2924-XL-EN switch
>
> I have it set up with 2 VLANs:
>
> VLAN 10 which has servers and workstations. It includes various
> protocols, from SCS/LAT/DECNET for VMS boxes, as well as IP and
> Appletalk. Basically ports 1 to 19.
>
> VLAN 20 is basically a PPPoE zone between the WAN port of the router and 2
> DSL modems (1 is backup). Basically ports 20 to 24.
>
> Main workstation is a Mac which also acts as X display for VMS
> applications. For purpose of this discussion, it uses fa0/13 .
>
> What is the best way to get the Mac to run Wireshark to analyse the
> traffic between the modem and the router in VLAN20 ?
>
> Making the Mac switchport multi vlan 10,20 prevents the "port monitor"
> command for that port.
>
> Is there a magic way to allow fa0/13 on VLAN 10 to get all packets
> flowing in VLAN 20 without allowing traffic from VLAN 10 to flow into
> VLAN 20 ?
>
> (Moving the Mac to VLAN 20 would then cause connections to VLAN 10
> machines to be severed).
>
> Also, some various questions:
>
> Is it correct that there can be only one management vlan at a time on a
> switch ?
>
> The switch is configured to run NTP server. Is it correct to assume that it
> can only serve ports that are on the management vlan ? I would like the
> modems to be able to NTP sync, and the switch would be simplest.
>
> (my current router doesn't have ability to have multiple interfaces on
> the WAN port, so it can't serve a different IP subnet for the modems at
> the same time as having PPPoE interface).
1. You would have to install Wireshark, set up a port span, and span
the traffic from vlan 20 to the destination port of the Mac. This
would take the Mac out of vlan 10, and put it in vlan 20 for the
purposes of the span. If this disrupts service or applications, use
another box to do this.
2. Yes, one mgmt interface for that switch.
3. You can serve NTP to anywhere, it is routed. It would only
provide the service on the mgmt vlan interface, but you can point
other subnets to that IP since it is routed, so long as you have
routing to/from that mgmt vlan set up properly. For internal servers,
this is easy, for external (since they most likely are not aware of
your NAT), it may be more difficult.