-
Research
and Publications
Current Issue
March/April 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Save the date!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
How to locate the source of problematic traffic
Recently suffered some kind of attack on our network, the internet connection was nearly 100% saturated. We disconnected several segments of our network and the symptom stopped. If the situation persists, we need options, software / hardware to help us identify and locate the origin and types of problematic traffic, an automatic lock is desirable. In our institution we have wired and wireless network, all devices Cisco brand.
We appreciate any suggestions or experience you can share with us.
Thanks, Hernan.
INCAE Business School
Alajuela, Costa Rica.
office +506 24 37 22 75
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
We appreciate any suggestions or experience you can share with us.
Thanks, Hernan.
INCAE Business School
Alajuela, Costa Rica.
office +506 24 37 22 75
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Recommend
Comments
I have found that if you pay for Smartnet on your core switch, then Cisco TAC will usually help you span ports there that go to the edge switches which may not all be covered under Smartnet, monitor them, use a packet capture such as Wireshark, and locate the culprit. That is our SOS plan when problematic traffic hits campus and isn’t an obvious find.
They can also assist your network engineer in implementing sticky port which causes users to have to call IT when they need to connect something new to the network if you don’t have a NAC in place. They can help you with ACLs which can block certain traffic, too. To do an automatic lock, just shut down the ports on your core using the telnet interface going to the edge switches one by one, or more than one if you want to do vlan by vlan.
If you are looking to monitor your Internet traffic and do some throttling of certain types of traffic, you may want to look into purchasing a packet shaping appliance.
Hope this is the kind of advice you were looking for.
+++++++++++++++++++++++++++++++++++++++++++++++
Joann L. Williamson
Director of Network Systems, Architecture, & Infrastructure
University of South Carolina Aiken
phone: 803-641-3473
http://www.usca.edu