07-09-2008 12:12 AM - edited 03-06-2019 12:05 AM
Hi,
I have one qeustion for you all.
Next config is my customer's switch configuration.
-----------------------------------------
ackbone_SW#sh monitor detail
Session 1
---------
Type : Local Session
Source Ports :
RX Only : None
TX Only : None
Both : None
Source VLANs :
RX Only : None
TX Only : None
Both : 20-22,30,40,50
Source RSPAN VLAN : None
Destination Ports : Gi5/19
Encapsulation : DOT1Q
Ingress : Disabled ----> what function is this ?
Learning : Disabled ----> what function is this ?
Filter VLANs : None
Filter Addr Type :
RX Only : None
TX Only : None
Both : None
Filter Pkt Type :
RX Only : None
Dest RSPAN VLAN : None
IP Access-group : None
--------------------------------------
I'm waiting your answer.
Thanks so much.
Solved! Go to Solution.
07-09-2008 12:59 AM
It means that the traffic you monitor will include dot1q tags to tell you which VLAN they came from.
Beware: if your are using Ethereal or Wireshark, or other PC based monitor, the NIC will usually strip off the dot1q header before the traffic gets to the analyser. If you want to see the dot1q header, you usually have to hack the registry. I wrote about it in my blog:
http://dorreke.wordpress.com/2008/05/01/seeing-dot1q-tagged-traffic-in-ethereal/
Kevin Dorrell
Luxembourg
07-09-2008 12:40 AM
Port G5/19 is where you put your monitoring machine ... sniffer or whatever.
"Ingress disabled" means that if your monitoring machine generates any packets, they will not be propagated to the network. You might want to enable ingress, for example, when your monitoring machine is also your workstation, that should have access to your network.
Learning disabled means that if your monitoring machine generates any packets, their source address does not go into the MAC forwarding table of the switch. That is, packets to that address will continue to be unicast flooded.
Kevin Dorrell
Luxembourg
07-09-2008 12:53 AM
Thanks so much your reply.
If you are ok, I have one more question.
In mirroring section, why I have to put dot1q ?
For vlans mirroring ? Is that right ?
Regards,
07-09-2008 12:59 AM
It means that the traffic you monitor will include dot1q tags to tell you which VLAN they came from.
Beware: if your are using Ethereal or Wireshark, or other PC based monitor, the NIC will usually strip off the dot1q header before the traffic gets to the analyser. If you want to see the dot1q header, you usually have to hack the registry. I wrote about it in my blog:
http://dorreke.wordpress.com/2008/05/01/seeing-dot1q-tagged-traffic-in-ethereal/
Kevin Dorrell
Luxembourg
07-09-2008 01:19 AM
Thanks so much .
My questions was solved.
I'm so sorry but could you relpy about another my post on this board ?
It is about Mirroring of C6509.
Have a nice day.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: