Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
0
Helpful
2
Replies

A Catalyst SPAN question

elfrancesco
Level 1
Level 1

‎10-08-2007 07:22 AM - edited ‎03-05-2019 06:57 PM

Hello,

I have a device which needs to listen to all traffic on a specific VLAN, but i also need this device to be able to communicate (at Layer 3) with some other computers in a different subnet.

I have a 4500 series and a 3560 series.

On the 4500 i used a command like this one :

monitor session 1 source vlan 15

monitor session 1 destination interface Gi5/3 ingress vlan 14 learning

and this works perfectly.

BUT

i need to do the same thing on the 3560 one but this Catalyst doesn't support the "learning" tag.

When i read the IOS documentation i can read that for a SPAN destination port :

"?When it is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.

?If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2."

My question is i am wondering if activating the ingress parameter on my destination port will work (in fact this is certainly an english understanding problem since i am french). Unfortunatly i can't make tests like i did with the 4500 L3 Switch, this is why i ask here to be sure of how this will work when i will have to set the 3560 thing up.

(hope to be understandable)

Thanks by advance for any help

Labels:
0 Helpful
2 Replies 2

wdrootz
Level 4
Level 4

‎10-12-2007 11:30 AM

Try this configuration in your 3560 (change the interface depends upon your device)

This shows how to set up SPAN session 1 for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is deleted, and then bidirectional traffic is mirrored from source Gigabit Ethernet port 1 to destination Gigabit Ethernet port 2, retaining the encapsulation method.

Switch(config)# no monitor session 1

Switch(config)# monitor session 1 source interface gigabitethernet1/0/1

Switch(config)# monitor session 1 destination interface gigabitethernet1/0/2 encapsulation replicate

Switch(config)# end

This example shows how to remove port 1 as a SPAN source for SPAN session 1:

Switch(config)# no monitor session 1 source interface gigabitethernet1/0/1

Switch(config)# end

0 Helpful

elfrancesco
Level 1
Level 1
In response to wdrootz

‎10-13-2007 02:52 AM

Thanks anyway but this is not what i need :

I need to monitor a VLAN a physical Interface or whatever AND : still be able to act as a normal workstation which means, i need to be able to send and receive packets to the whole Network (instead of just receiving monitored trafic / packet)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card