I would like to put a managed switch between the ONT and my firewall so I can mirror the interface to a snort host to monitor all my internet traffic. But to do that I believe the ONT would need to give out two addresses, one to the managed switch (so you can manage it via the web interface) and one to the router everything else sits behind. Will this work? If not, are there other ways I can monitor all the network traffic leaving my location?
A Fios ONT does not hand out an IP address. An ONT is a link-layer device and therefore does not deal with IP addresses ipso facto.
The GateWay Router (GWR) behind the Optical Line Terminal (OLT) in the Central Office (CO) hands out IP addresses based on your circuit account type, that is only 1 active IPv4 address for residential connections.
If you'd like to tap your WAN side traffic, you could use the port mirroring feature on a switch as you are doing. The main problem for you seems to be how to access that switch. There are multiple ways of solving this.
1) If the switch's management interface is the bridge interface, then assign a static IP address in the private range
2) If the switch's management interface supports being out of band, that interface could be bridged to your LAN and get a LAN IP from your DHCP server
3) If you are using a Linux computer to do the tapping, configure two NICs to be in the bridge interface and tcpdump on that bridge interface could view the traffic passing through them
4) On a Linux computer, port mirroring could be accomplished using tc qdisc and filter, independent of whether a routable address is even assigned to an interface
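Options 3 and 4 above, put together as an added example that is not part of the original answer: a Linux box with two NICs becomes a transparent, IP-less bridge between the ONT and the firewall, and tc mirrors both directions of one bridge member onto a third NIC where the Snort sensor listens. Because neither the bridge nor the sensor port carries an address, the single IPv4 address the GWR hands out still goes to the firewall. The interface names (eth1 facing the ONT, eth2 facing the firewall, eth3 to the sensor) and the bridge name br0 are assumptions for illustration; the script needs iproute2 and root to apply, and DRY_RUN=1 previews the commands instead.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed interface names:
#   eth1 = ONT side, eth2 = firewall side, eth3 = Snort sensor port.
# DRY_RUN=1 prints each command instead of running it (running needs root).

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build an IP-less bridge so the tap is invisible at layer 3:
# no DHCP request is made and no second address is needed from the ONT.
make_bridge() {
    br=$1; wan_nic=$2; lan_nic=$3
    run ip link add name "$br" type bridge
    run ip link set dev "$wan_nic" master "$br"
    run ip link set dev "$lan_nic" master "$br"
    run ip link set dev "$wan_nic" up
    run ip link set dev "$lan_nic" up
    run ip link set dev "$br" up
}

# Mirror everything entering and leaving one bridge member to the sensor NIC.
# Ingress (from the ONT) uses the special ffff: ingress qdisc; egress (to the
# ONT) hangs a root prio qdisc and a matchall filter on it. The sensor port
# itself needs no address either, which is the point of option 4.
mirror_port() {
    src=$1; dst=$2
    run tc qdisc add dev "$src" handle ffff: ingress
    run tc filter add dev "$src" parent ffff: matchall action mirred egress mirror dev "$dst"
    run tc qdisc add dev "$src" handle 1: root prio
    run tc filter add dev "$src" parent 1: matchall action mirred egress mirror dev "$dst"
}

# Entry point: tap.sh WAN_NIC LAN_NIC SENSOR_NIC   (preview with DRY_RUN=1)
if [ "$#" -eq 3 ]; then
    make_bridge br0 "$1" "$2"
    mirror_port "$1" "$3"
fi
```

With the bridge in place, Snort (or tcpdump, as in option 3) can listen on eth3, or directly on br0 if you would rather skip the mirror and run the sensor on the bridge host itself; in either case `ip addr` should show no IPv4 address on eth1, eth2, eth3 or br0.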