spanport catalyst 2950

Unanswered Question
Mar 12th, 2007

I have some questions about a SPAN port on a 2950. When I want to monitor a port, must the source and the destination port belong to the same VLAN?


How should I understand the following commands, when interface Fa0/47 is configured for i.e. VLAN 10 (access port):

monitor session 1 source interface Fa0/47

monitor session 1 destination interface Fa0/48 ingress vlan 282


cratejockey Mon, 03/12/2007 - 06:11

First thing to note is this: if you are using typical monitor commands to mirror ports, not RSPAN, then your destination is a mirror of your source port. That means that both ports see the exact same traffic and the VLAN settings for the destination mean nothing. In order to view what the destination is seeing you will need a packet capture program and an interface that is in promiscuous mode. There are also appliances such as IDS that require a spanned port to function.


To speak to your specific commands here is what I see;


"monitor session 1 source interface Fa0/47"

Is missing an RX, TX or both command to state what traffic on the port you want to monitor. Without that parameter the span is configured but will not pass any traffic.


"monitor session 1 destination interface Fa0/48 ingress vlan 282 "

I went into a production switch with multiple VLANs and attempted this full command. IOS does not allow any parameters past interface Fa0/48. Where did you get the ingress vlan 282?


I know that Monitor/SPAN commands have changed over time with IOS revisions. So you may have a different command set than what I am working off of. Here is the link to Cisco's documentation concerning Spanning ports on Catalyst Switches;

http://www.cisco.com/warp/public/473/41.html#topic5


I hope this helped.

www.staticnat.com

pbogaerts Mon, 03/12/2007 - 13:43

The missing Rx, Tx or both is not an issue; the default is both. But I did some further research on the option ingress vlan id, and if I understand this correctly, this option gives the monitor port the ability to send traffic to the specified VLAN. But is this not dangerous?


Thanks,


Peter
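
As an added example (not part of the thread and not Cisco tooling), a small Python check that scans a saved configuration for the two SPAN command forms quoted above and flags destination ports carrying the ingress vlan option that the last reply asks about. The function names and the session 2 lines are assumptions made for the illustration.

```python
import re

# Only the two command forms quoted in the thread are recognised; interface
# lists/ranges, RSPAN and other IOS variants are outside this sketch.
SRC = re.compile(r"monitor session (\d+) source interface (\S+)(?: (rx|tx|both))?$", re.I)
DST = re.compile(r"monitor session (\d+) destination interface (\S+)(?: ingress vlan (\d+))?$", re.I)

def parse_span(config):
    """Map session id -> {'sources': [(port, direction)], 'dest', 'ingress_vlan'}."""
    sessions = {}
    for raw in config.splitlines():
        line = " ".join(raw.split())  # collapse repeated/trailing whitespace
        src, dst = SRC.match(line), DST.match(line)
        m = src or dst
        if not m:
            continue
        s = sessions.setdefault(int(m.group(1)),
                                {"sources": [], "dest": None, "ingress_vlan": None})
        if src:
            # No rx/tx/both keyword means both directions are mirrored.
            s["sources"].append((m.group(2), (m.group(3) or "both").lower()))
        else:
            s["dest"] = m.group(2)
            s["ingress_vlan"] = int(m.group(3)) if m.group(3) else None
    return sessions

def audit_span(config):
    """Return (session, message) findings worth a manual review."""
    findings = []
    for sid, s in sorted(parse_span(config).items()):
        if s["ingress_vlan"] is not None:
            findings.append((sid, f"{s['dest']} forwards received frames into VLAN "
                                  f"{s['ingress_vlan']}; confirm the attached device must transmit"))
        if s["dest"] and not s["sources"]:
            findings.append((sid, f"{s['dest']} is a destination without a source"))
    return findings

# Session 1 is the configuration from the question; session 2 is constructed.
SAMPLE = """\
monitor session 1 source interface Fa0/47
monitor session 1 destination interface Fa0/48 ingress vlan 282
monitor session 2 source interface Fa0/10 rx
monitor session 2 destination interface Fa0/11
"""

if __name__ == "__main__":
    for sid, msg in audit_span(SAMPLE):
        print(f"session {sid}: {msg}")
```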
