Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
4
Replies

port SPAN on a Catalyst 2970 for Websense

gordons
Level 1
Level 1

‎05-04-2009 09:37 AM - edited ‎03-06-2019 05:31 AM

We have a Websense server connected to a Catalyst 2970, and also a PIX 515 through which outbound http traffice passes for users to surf the web.

The problem is, when I enter the "monitor session 1 destination" command on the interface the Websense server is connected to, we can no longer reach the server.

We had this working on a 2950, but it would occasionally lock up, so we are trying a 2970.

One difference I noticed in the output of "show monitor session 1 detail" is that the Ingress Encapsulation is NATIVE on the 2950, and it shows UNTAGGED on the 2970.

Not sure if that is relevant, and I see now way to manually set that to NATIVE.

Any thoughts?

Labels:
0 Helpful
4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-04-2009 10:18 AM

Hello Gordon,

if you are trying to manage the server using the same port that is destination of the traffic this can be a problem.

you need to add an option to enable incoming traffic on the destination port

Enter ingress with keywords to enable forwarding of incoming traffic on the destination port and to specify the encapsulation type:

•dot1q vlan vlan-id-Accept incoming packets with IEEE 802.1Q encapsulation with the specified VLAN as the default VLAN.

•untagged vlan vlan-id or vlan vlan-id-Accept incoming packets with untagged encapsulation type with the specified VLAN as the default VLAN.

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst2975/software/release/12.2_46_ex/configuration/guide/swspan.html#wp1260596

so if you want to accept untagged frames from the destination port use ingress untagged.

Hope to help

Giuseppe

0 Helpful

gordons
Level 1
Level 1
In response to Giuseppe Larosa

‎05-04-2009 11:03 AM

I tried:

switch# monitor session 1 destination interface gig 0/23 ingress vlan 41

vlan 41 being the vlan that the websense and the firewall are both on.

this also kills our ability to reach the websense server.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to gordons

‎05-04-2009 11:23 AM

HelloGordon ,

Have you also tried ingress untagged vlan 41 ?

Hope to help

Giuseppe

0 Helpful

gordons
Level 1
Level 1
In response to Giuseppe Larosa

‎05-04-2009 11:29 AM

Guiueseppe,

I have tried untagged, dot1q, and plain vlan 41.

This worked on the 2950, but doesn't work on the 2970, which is at a newer IOS version.

The only difference I can see between the two switch configs is the Ingress encapsulation.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card