Monitor traffic on a switch?

whiteford · ‎11-01-2007

Hi, not sure if this is possible, but I'm getting a Cisco ASA 5520 Firewall. I will use one of the ports on the 5520 for my DMZ's and trunk it to a port on a switch for VLAN tagging.

Anyway I love the feature on router - "ip route-cache flow" it shows the source and destination of the traffic. I have yet to buy a switch for my VLAN's for the DMZ's, I really would like to monitor the traffic going through the ports/VLANS, so if a users says something is slow I can look on the switch ans say it's IP 1.2.3.4 going to 4.3.2.1 or port causing the problem. Is there a catalyst switch that can do this for me?

steveo123 · ‎11-01-2007

you can use a few different methods. But the easyest one is Switched Port Analyzer (SPAN) feature. here is the link

http://www.cisco.com/univercd/cc/td/doc/product/voice/ics/icsapps/icscra/cra30/icsspan.htm

Regards,

Steve K

guruprasadr · ‎11-01-2007

HI, [DO RATE ALL HELPFUL POSTS]

Refer the attachment for Cisco SPAN Configuration.

In SPAN Config, the Source and Destination Port should be on the Same Switch.

Max of 6 SPAN Sessions can be created in a CISCO Switch.

Use Ethereal to capture the Packets during the SPAN Sessions.

DO RATE ALL HELPFUL POSTS.

Best Regards,

Guru Prasad R

whiteford · ‎11-03-2007

Hi, can you attach the file again I haven't downloaded it yet.

Thanks

whiteford · ‎11-01-2007

Thanks, can it show the bandwidth someone is using too?

guruprasadr · ‎11-02-2007

HI, [Pls Rate if HELPS]

SPAN Session + packet capture can be used to verify and validate the traffic source and destination address / port and packet Types.

If you want to validate the Bandwidth used by each User means: Enable "ip accounting" in the Interfaces.

It will be provide the Src, Destn, Bytes transferred, etc.,

Refer link below:

http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdip.html#wp1018815

PLS RATE if HELPS

Best Regards,

Guru Prasad R

whiteford · ‎11-02-2007

Would you use Ethereal for you captures, or is there something better, perhaps a web based option?

Also Do I enable ip accounting on the interface of the ASA 5520 or on the port on the VLAN switch eg fast ethernet 0/20?

guruprasadr · ‎11-02-2007

HI,

Ethereal is Best and easy.

Enable ip accounting in VLAN Switch fast Eth0/20

I don't know whether ip accounting will work on ASA 5520.

DO RATE all HELPFUL POSTS.

Best Regards,

Guru Prasad R

whiteford · ‎11-02-2007

So I use Ethereal to get the info on IP accounting on Fast Eth0/20?

If so do I just span the 0/20 port to a spare port on the switch then put in my laptop with etherreal running?

guruprasadr · ‎11-02-2007

HI, [DO Rate all Helpful Posts]

"ip accounting" is something different from SPAN Session configuration.

Pls refer the link provided in my previous POST reg "ip accounting"

Enable SPAN session on the Switch and specify the source and destination port. Then put in your laptop with Ethereal Running.

Do Rate All Helpful POSTS.

Best Regards,

Guru Prasad R

whiteford · ‎11-02-2007

I see the the SPAN and IP accounting are separate, I just can't seem to see how I show the IP accounting information, do you have an example of how I would show this and what it might look like?

guruprasadr · ‎11-02-2007

HI,

#show ip accounting

Source-

Destination-

Packets-

Bytes-

The above will be displayed in a horizontal manner.

Whereas after SPAN Configuration in switch the results can be arrived only by means of Packet Capture software like ethereal.

Do RATE all HELPFUL POSTS

Best Regards,

Guru Prasad R

whiteford · ‎11-02-2007

I don't think my Cisco 3550 Cataylst switch can do "ip accounting" I don't get the option.