A Catalyst SPAN question

Unanswered Question
Oct 8th, 2007

Hello,

I have a device which needs to listen to all traffic on a specific VLAN, but I also need this device to be able to communicate (at Layer 3) with some other computers in a different subnet.

I have a 4500 series and a 3560 series.

On the 4500 I used a command like this one:

monitor session 1 source vlan 15

monitor session 1 destination interface Gi5/3 ingress vlan 14 learning

and this works perfectly.

BUT

I need to do the same thing on the 3560, but this Catalyst doesn't support the "learning" tag.

When I read the IOS documentation, I can read that for a SPAN destination port:

"• When it is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.

• If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2."

My question is: I am wondering if activating the ingress parameter on my destination port will work (in fact this is certainly an English understanding problem since I am French). Unfortunately I can't run tests like I did with the 4500 L3 switch, which is why I ask here to be sure of how this will work when I have to set the 3560 up.

(I hope this is understandable)

Thanks in advance for any help

wdrootz Fri, 10/12/2007 - 11:30

Try this configuration on your 3560 (change the interface depending on your device)

This shows how to set up SPAN session 1 for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is deleted, and then bidirectional traffic is mirrored from source Gigabit Ethernet port 1 to destination Gigabit Ethernet port 2, retaining the encapsulation method.

Switch(config)# no monitor session 1

Switch(config)# monitor session 1 source interface gigabitethernet1/0/1

Switch(config)# monitor session 1 destination interface gigabitethernet1/0/2 encapsulation replicate

Switch(config)# end

This example shows how to remove port 1 as a SPAN source for SPAN session 1:

Switch(config)# no monitor session 1 source interface gigabitethernet1/0/1

Switch(config)# end

elfrancesco Sat, 10/13/2007 - 02:52

Thanks anyway, but this is not what I need:

I need to monitor a VLAN, a physical interface or whatever AND still be able to act as a normal workstation, which means I need to be able to send and receive packets to the whole network (instead of just receiving monitored traffic / packets)
