04-16-2007 09:52 AM - edited 03-05-2019 03:29 PM
I have not been able to mirror firewall traffic to surf control since we changed switches to catalyst 4506. I have the following commands entered where Gi5/23 is the firewall interface and Gi5/12 is the SurfControl interface:
monitor session 1 source interface Gi5/23
monitor session 1 destination interface Gi5/12 ingress vlan 150 learning
sho monitor detail
Session 1
---------
Type : Local Session
Source Ports :
RX Only : None
TX Only : None
Both : Gi5/23
Source VLANs :
RX Only : None
TX Only : None
Both : None
Source RSPAN VLAN : None
Destination Ports : Gi5/12
Encapsulation : Native
Ingress : Enabled, default VLAN = 150
Learning : Enabled
Filter VLANs : None
Filter Addr Type :
RX Only : None
TX Only : None
Both : None
Filter Pkt Type :
RX Only : None
Dest RSPAN VLAN : None
IP Access-group : None
Any ideas on why it's not working?
Thanks,
Mary
04-16-2007 12:43 PM
Further on this .... The network card on the surf control server is receiving packets. It just isn't doing anything with them -- no send packets and nothing appearing in surf control.
Thanks,
Mary
05-01-2007 07:44 AM
We moved SurfControl off of the hub to a Cisco 3750. What we did different is we made the source VLAN 1 (data VLAN) and made the destination the port where the SurfControl server is connected to. Hopes this helps.
05-01-2007 08:49 AM
What finally did it for us was adding encapsulation parameter to the destination.
I'm still a little unclear about which VLAN I should be using -- do you create one specifically for that port or use one that's already in use. We've got 6 VLANs in use.
I used VLAN 150 because that's where the destination port is assigned already.
It is working now, so I'm not going to mess with it.
Thanks,
Mary
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide