SPAN Problems on Cisco 871

Unanswered Question
Jul 31st, 2011

Hi -

I am having some problems creating a SPAN port on my Cisco 871 (running IOS 12.4-11T). 

My 871 is connected to a DSL modem, and uses "IP Negotiated" to get its dynamic ip address. 

I want to monitor the WAN port (FastEthernet4) using SPAN, but when I type "monitor session 1 source interface FastEthernet4" into the cli, it is rejected.  I can successfully use any of the other FastEthernet ports, as well as Vlan1 as a source for the SPAN session. 

I have tried to use Dialer0 instead of FastEthernet4, but it still doesnt work.

Does anyone know what I am doing wrong?  I could swear that I had this exact problem a few years ago....but for the life of me I cant remember how, or if, I was able to solve it.

Thanks,

Mike

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Peter Paluch Sun, 07/31/2011 - 22:29

Mike,

I would not be surprised if the Fa4 was not be SPANnable, at least in recent IOSes, because of its WAN status. I assume it is a "no switchport", i.e. a Layer3 interface, right? On switches, there would be no problem with monitoring any interface but the 871 platform may have its limitations.

The only thing I can think of right now is using the IP Traffic Export which, however, works only for IP traffic. You may read more about the functionality here:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_ip_traff_export_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Best regards,

Peter

boeckelr@gmail.com Sun, 07/31/2011 - 22:59

Hi Peter,

Thank you very much for the information.

I think you are right about the 871's WAN port.....After reading your post, I went and found a description of the 871 at Cisco and the WAN port is described as being separate to the 4-port switch.

What is weird, however, is when I type the following command in - "monitor session 1 source interface FastEthernet ?" and it returns <0-4>. 

I will investigate the IP Traffic Export that you mentioned in your post....to be honest, I didn't even know it existed, and it might be exactly what I am looking for.

Thanks again,

Mike

Alexander Maroukian Tue, 08/02/2011 - 04:45

Why don't you just monitor the switchports. It would be easier if you are using one port from the FA 0-3. Then if you want to monitor the ingress traffic from internet you just monitor the egress from port FA 0 if it this is the one you are using to connect to your network. If you want you can monitor all the traffic both ingress or egress. If you use more ports there are few other options.

Best regards,

Alex

Paolo Bevilacqua Tue, 08/02/2011 - 14:33

As others said, a regular LAN interface cannot do SPAN.

You can use IOS packet capture to see what's going through.

Actions

Login or Register to take actions

This Discussion

Posted July 31, 2011 at 5:46 PM
Stats:
Replies:4 Overall Rating:
Views:1240 Votes:0
Shares:0
Tags: No tags.
Categories: Routers
+
 

Discussions Leaderboard

Rank Username Points
1
Giuseppe Larosa
9,434
2
Paolo Bevilacqua
8,817
3
Richard Burts
8,489
4
Jon Marshall
7,058
5
Peter Paluch
5,481
Rank Username Points
Jon Marshall
242
Peter Paluch
90
Joseph W. Doherty
65
Leo Laohoo
50
Richard Burts
48