Monitor traffic on a switch?

Unanswered Question
Nov 1st, 2007

Hi, not sure if this is possible, but I'm getting a Cisco ASA 5520 Firewall. I will use one of the ports on the 5520 for my DMZs and trunk it to a port on a switch for VLAN tagging.


Anyway, I love the feature on routers, "ip route-cache flow"; it shows the source and destination of the traffic. I have yet to buy a switch for my VLANs for the DMZs. I really would like to monitor the traffic going through the ports/VLANs, so if a user says something is slow I can look on the switch and say it's IP 1.2.3.4 going to 4.3.2.1 or port causing the problem. Is there a Catalyst switch that can do this for me?

guruprasadr Thu, 11/01/2007 - 21:58

HI, [DO RATE ALL HELPFUL POSTS]


Refer to the attachment for Cisco SPAN Configuration.


In SPAN Config, the Source and Destination Port should be on the Same Switch.


Max of 6 SPAN Sessions can be created in a CISCO Switch.


Use Ethereal to capture the Packets during the SPAN Sessions.


DO RATE ALL HELPFUL POSTS.


Best Regards,


Guru Prasad R



whiteford Sat, 11/03/2007 - 03:42

Hi, can you attach the file again? I haven't downloaded it yet.


Thanks

whiteford Thu, 11/01/2007 - 23:54

Thanks, can it show the bandwidth someone is using too?

guruprasadr Fri, 11/02/2007 - 00:13

HI, [Pls Rate if HELPS]


SPAN Session + packet capture can be used to verify and validate the traffic source and destination address / port and packet Types.


If you want to validate the bandwidth used by each user, enable "ip accounting" on the interfaces.


It will provide the Src, Destn, Bytes transferred, etc.



Refer to the link below:

http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdip.html#wp1018815



PLS RATE if HELPS


Best Regards,


Guru Prasad R

whiteford Fri, 11/02/2007 - 01:03

Would you use Ethereal for your captures, or is there something better, perhaps a web-based option?


Also, do I enable ip accounting on the interface of the ASA 5520 or on the port on the VLAN switch, e.g. fast ethernet 0/20?

guruprasadr Fri, 11/02/2007 - 01:27

HI,


Ethereal is Best and easy.


Enable ip accounting in VLAN Switch fast Eth0/20


I don't know whether ip accounting will work on ASA 5520.


DO RATE all HELPFUL POSTS.


Best Regards,


Guru Prasad R

whiteford Fri, 11/02/2007 - 01:48

So I use Ethereal to get the info on IP accounting on Fast Eth0/20?


If so, do I just span the 0/20 port to a spare port on the switch, then plug in my laptop with Ethereal running?

guruprasadr Fri, 11/02/2007 - 01:53

HI, [DO Rate all Helpful Posts]


"ip accounting" is something different from SPAN Session configuration.


Pls refer to the link provided in my previous post regarding "ip accounting".


Enable SPAN session on the Switch and specify the source and destination port. Then put in your laptop with Ethereal Running.


Do Rate All Helpful POSTS.


Best Regards,


Guru Prasad R

whiteford Fri, 11/02/2007 - 02:15

I see that SPAN and IP accounting are separate. I just can't seem to see how I show the IP accounting information. Do you have an example of how I would show this and what it might look like?

guruprasadr Fri, 11/02/2007 - 02:34

HI,


#show ip accounting

Source-

Destination-

Packets-

Bytes-


The above will be displayed in a horizontal manner.


Whereas after SPAN configuration on the switch, the results can be obtained only by means of packet capture software like Ethereal.


Do RATE all HELPFUL POSTS


Best Regards,


Guru Prasad R
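The Source / Destination / Packets / Bytes columns described in the post above can be ranked to find the busiest pair or host. This is an added example, not part of the original thread; the sample text is constructed in the IOS `show ip accounting` column layout (reusing the 1.2.3.4 and 4.3.2.1 placeholders from the question), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of IOS "show ip accounting"
# (Source, Destination, Packets, Bytes). Addresses and counters are made up.
SAMPLE = """\
   Source           Destination              Packets               Bytes
 1.2.3.4          4.3.2.1                      1200              1650000
 10.0.20.7        4.3.2.1                        40                 5200
 1.2.3.4          10.0.20.9                     300               210000
 10.0.20.9        1.2.3.4                       280                19000

Accounting data age is 10
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROW = re.compile(rf"^\s*{IPV4}\s+{IPV4}\s+(\d+)\s+(\d+)\s*$")


def parse_accounting(text):
    """Return (src, dst, packets, bytes) rows; header, blank and trailer lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2), int(m.group(3)), int(m.group(4))))
    return rows


def top_flows(rows, n=3):
    """Source/destination pairs ranked by bytes transferred, largest first."""
    return sorted(rows, key=lambda r: r[3], reverse=True)[:n]


def bytes_per_host(rows):
    """Total bytes each address sent or received, to spot one busy host."""
    totals = defaultdict(int)
    for src, dst, _packets, nbytes in rows:
        totals[src] += nbytes
        totals[dst] += nbytes
    return dict(totals)


if __name__ == "__main__":
    rows = parse_accounting(SAMPLE)
    for src, dst, packets, nbytes in top_flows(rows):
        print(f"{src:>15} -> {dst:<15} {packets:>8} pkts {nbytes:>10} bytes")
    for host, nbytes in sorted(bytes_per_host(rows).items(), key=lambda kv: -kv[1]):
        print(f"{host:>15} {nbytes:>10} bytes total")
```
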

whiteford Fri, 11/02/2007 - 05:54

I don't think my Cisco 3550 Catalyst switch can do "ip accounting"; I don't get the option.
