Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
441
Views
4
Helpful
3
Replies

Span Sessions

deepa.muralidharan
Level 1
Level 1

‎06-30-2008 02:07 AM - edited ‎03-05-2019 11:53 PM

Hi,

I have an issue with spanning a port on the switch. Please assist.

I have a switch of 4510R-E series with port 8/47 providing MAN lin kconnectivity to another office. I see the tx or rx load on the interface to be hitting 250 every 1 min or so. I would want to trace the traffic on this link. So, I thoght of spanning the traffic onto a system & analyze. th eport 8/47 is on VLAN 250. I configured the below:

monitor session 2 source vlan 250

monitor session 2 destination interface fa 8/11

I have my local system connected to fa 8/11 on the same switch. When I configure the span this way, I lose connectivity to the system on 8/11. The moment I remove the configurtaion, I am able to ping to the system & access the system. Why is this so?

How do I proceed with this ?

Labels:
0 Helpful
3 Replies 3

gpulos
Level 8
Level 8

‎06-30-2008 03:19 AM

This is because the SPAN sets the port to only forward SPAN traffic. (the traffic to your sniffer/analyzer)

The SPAN port disables the forwarding of non SPAN traffic; any traffic from your PC, so the PC connectivity is in essence lost while the SPAN is in effect.

Utilize your sniffer/analyzer while the SPAN is in effect and it will capture all the traffic the SPAN sends to port 8/11.

Please see the following link for more SPAN info:

Characteristics of a SPAN Destination port:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml#charac_dest

0 Helpful

dhananjoy chowdhury
Level 5
Level 5
In response to gpulos

‎07-01-2008 03:35 AM

Hi,

The best way to do this is that there should be two ethernet cards on the system -

- one card will be in promiscous mode , collecting all traffic from the SPAN port on the switch for analysing/sniffing traffic.

- the other card will be operating normally for network access.

0 Helpful

dhananjoy chowdhury
Level 5
Level 5
In response to dhananjoy chowdhury

‎07-01-2008 03:39 AM

Hi,

Suppose you have eth0 and eth1 on your system,

then

eth0 - (promiscous mode) - configure tools like Wireshark/Ethrreal to sniff traffic on this port. Connect this to the 8/47 port as in your case.

Eth1 - (access mode) - for your system to acces s network, connect this to the normal user VLAN port on the switch.

Rate if helpful.

dhananjoy

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card