cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1833
Views
0
Helpful
4
Replies

SPAN Problems on Cisco 871

boeckelr
Level 1
Level 1

Hi -

I am having some problems creating a SPAN port on my Cisco 871 (running IOS 12.4-11T). 

My 871 is connected to a DSL modem, and uses "IP Negotiated" to get its dynamic ip address. 

I want to monitor the WAN port (FastEthernet4) using SPAN, but when I type "monitor session 1 source interface FastEthernet4" into the cli, it is rejected.  I can successfully use any of the other FastEthernet ports, as well as Vlan1 as a source for the SPAN session. 

I have tried to use Dialer0 instead of FastEthernet4, but it still doesnt work.

Does anyone know what I am doing wrong?  I could swear that I had this exact problem a few years ago....but for the life of me I cant remember how, or if, I was able to solve it.

Thanks,

Mike

4 Replies 4

Peter Paluch
Cisco Employee
Cisco Employee

Mike,

I would not be surprised if the Fa4 was not be SPANnable, at least in recent IOSes, because of its WAN status. I assume it is a "no switchport", i.e. a Layer3 interface, right? On switches, there would be no problem with monitoring any interface but the 871 platform may have its limitations.

The only thing I can think of right now is using the IP Traffic Export which, however, works only for IP traffic. You may read more about the functionality here:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_ip_traff_export_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Best regards,

Peter

Hi Peter,

Thank you very much for the information.

I think you are right about the 871's WAN port.....After reading your post, I went and found a description of the 871 at Cisco and the WAN port is described as being separate to the 4-port switch.

What is weird, however, is when I type the following command in - "monitor session 1 source interface FastEthernet ?" and it returns <0-4>. 

I will investigate the IP Traffic Export that you mentioned in your post....to be honest, I didn't even know it existed, and it might be exactly what I am looking for.

Thanks again,

Mike

Why don't you just monitor the switchports. It would be easier if you are using one port from the FA 0-3. Then if you want to monitor the ingress traffic from internet you just monitor the egress from port FA 0 if it this is the one you are using to connect to your network. If you want you can monitor all the traffic both ingress or egress. If you use more ports there are few other options.

Best regards,

Alex

paolo bevilacqua
Hall of Fame
Hall of Fame

As others said, a regular LAN interface cannot do SPAN.

You can use IOS packet capture to see what's going through.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: