port SPAN on a Catalyst 2970 for Websense

We have a Websense server connected to a Catalyst 2970, and also a PIX 515 through which outbound HTTP traffic passes for users to surf the web.

The problem is, when I enter the "monitor session 1 destination" command on the interface the Websense server is connected to, we can no longer reach the server.

We had this working on a 2950, but it would occasionally lock up, so we are trying a 2970.

One difference I noticed in the output of "show monitor session 1 detail" is that the Ingress Encapsulation is NATIVE on the 2950, and it shows UNTAGGED on the 2970.

Not sure if that is relevant, and I see no way to manually set that to NATIVE.

Any thoughts?

Giuseppe Larosa Mon, 05/04/2009 - 10:18

Hello Gordon,

If you are trying to manage the server using the same port that is the destination of the traffic, this can be a problem.

You need to add an option to enable incoming traffic on the destination port.

Enter ingress with keywords to enable forwarding of incoming traffic on the destination port and to specify the encapsulation type:

• dot1q vlan vlan-id - Accept incoming packets with IEEE 802.1Q encapsulation with the specified VLAN as the default VLAN.

• untagged vlan vlan-id or vlan vlan-id - Accept incoming packets with untagged encapsulation type with the specified VLAN as the default VLAN.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst2975/software/release/12.2_46_ex/configuration/guide/swspan.html#wp1260596

So if you want to accept untagged frames from the destination port, use ingress untagged.

Hope to help

Giuseppe
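
As an added example (not part of the original reply and not copied from the Cisco guide), here is the SPAN session without and with the ingress keyword described above. The interface numbers and VLAN 10 are assumptions chosen for illustration.

```cisco
! Assumed for illustration only:
!   Gi0/1   = port toward the PIX 515 (the monitored source)
!   Gi0/2   = port the Websense server is connected to (SPAN destination)
!   VLAN 10 = VLAN the Websense server is reached in
!
! Before: destination port without ingress.
! The switch copies the monitored traffic out Gi0/2 but does not forward
! frames arriving on Gi0/2, so the server cannot be reached through it.
configure terminal
 monitor session 1 source interface GigabitEthernet0/1 both
 monitor session 1 destination interface GigabitEthernet0/2
end
!
! After: same session, with ingress forwarding enabled.
! Untagged frames received on Gi0/2 are accepted and placed in VLAN 10.
configure terminal
 no monitor session 1
 monitor session 1 source interface GigabitEthernet0/1 both
 monitor session 1 destination interface GigabitEthernet0/2 ingress untagged vlan 10
end
!
! Check the result, including the ingress encapsulation and VLAN:
show monitor session 1 detail
```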
