Port Mirroring and Surf Control

csisadmin · ‎04-16-2007

I have not been able to mirror firewall traffic to surf control since we changed switches to catalyst 4506. I have the following commands entered where Gi5/23 is the firewall interface and Gi5/12 is the SurfControl interface:

monitor session 1 source interface Gi5/23

monitor session 1 destination interface Gi5/12 ingress vlan 150 learning

sho monitor detail

Session 1

---------

Type : Local Session

Source Ports :

RX Only : None

TX Only : None

Both : Gi5/23

Source VLANs :

RX Only : None

TX Only : None

Both : None

Source RSPAN VLAN : None

Destination Ports : Gi5/12

Encapsulation : Native

Ingress : Enabled, default VLAN = 150

Learning : Enabled

Filter VLANs : None

Filter Addr Type :

RX Only : None

TX Only : None

Both : None

Filter Pkt Type :

RX Only : None

Dest RSPAN VLAN : None

IP Access-group : None

Any ideas on why it's not working?

Thanks,

Mary

csisadmin · ‎04-16-2007

Further on this .... The network card on the surf control server is receiving packets. It just isn't doing anything with them -- no send packets and nothing appearing in surf control.

Thanks,

Mary

robertandreu · ‎05-01-2007

We moved SurfControl off of the hub to a Cisco 3750. What we did different is we made the source VLAN 1 (data VLAN) and made the destination the port where the SurfControl server is connected to. Hopes this helps.

csisadmin · ‎05-01-2007

What finally did it for us was adding encapsulation parameter to the destination.

I'm still a little unclear about which VLAN I should be using -- do you create one specifically for that port or use one that's already in use. We've got 6 VLANs in use.

I used VLAN 150 because that's where the destination port is assigned already.

It is working now, so I'm not going to mess with it.

Thanks,

Mary