SPAN port not seeing all of the traffic

Unanswered Question
Feb 26th, 2008

I have 2 6500 hybrid MSFC3 with span ports configured for Surf Control. Specifically the span ports are monitoring the inside interfaces of the PIX firewalls and mirroring the traffic to the monitoring interface of the Surf Control appliance.

Here is the following span configuration:

Destination : Port 2/37

Admin Source : Port 2/4

Oper Source : Port 2/4

Direction : transmit/receive

Incoming Packets: disabled

Learning : enabled

Multicast : enabled

Filter : -

The Surf Control is not seeing the return packet from the PIX for devices not directly routed out the L3 vlan.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aghaznavi Tue, 03/04/2008 - 07:15

The SPAN feature was introduced on switches because of a fundamental difference that switches have with hubs. When a hub receives a packet on one port, the hub sends out a copy of that packet on all ports except on the one where the hub received the packet. After a switch boots, it starts to build up a Layer 2 forwarding table on the basis of the source MAC address of the different packets that the switch receives. After this forwarding table is built, the switch forwards traffic that is destined for a MAC address directly to the corresponding port

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#descp

Actions

This Discussion