Configuring SPAN port for Websense

pcybulski
Level 1

I saw similar posts but I am still lost and my configuration is a bit different.  I have configured a SPAN port on my Cisco 4510 switch, however I am not seeing the desired traffic in my Websense server.  I am verifying using Wireshark as suggested by Websense support, but I am seeing no results. 

Here is the show monitor for the session I created:

Session 4
---------
Type                   : Local Session
Source VLANs           :
    Both               : 1-252
Destination Ports      : Fa7/2
    Encapsulation      : Native
          Ingress      : Enabled, default VLAN = 1
         Learning : Disabled
Filter Pkt Type        :
    RX Only       : Good

We have a lot of VLANs and I am trying to monitor almost all of them to see what type of bandwidth is being used.

Suggestion from Websense support:

You can run Wireshark against the NIC you're port spanning to and use the filter:

http contains purple.com

Each time you feel you may have configured your port span correctly, go to purple.com from a workstation that should be passing through the configured port span. You should see a GET request packet appear in Wireshark if your port span is correctly configured.
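An added example, not part of the original post or of Websense's tooling: the check the Wireshark filter performs, written in Python against raw Ethernet frames as they would arrive on the monitoring NIC, skipping any 802.1Q tag before looking for the test GET. The function names, the frame builder and the sample addresses are constructed for illustration.

```python
import struct

def build_frame(payload, vlan=None):
    """Constructed sample: Ethernet [+ 802.1Q tag] / IPv4 / TCP / payload."""
    eth = bytes(12)                                   # zeroed dst + src MAC
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)       # TPID + VLAN ID
    eth += struct.pack("!H", 0x0800)                  # EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6,
                     0, bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def tcp_payload(frame):
    """Return (vlan_id_or_None, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 14:
        return None
    offset, vlan = 12, None
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (0x8100, 0x88A8):              # skip VLAN tag(s)
        if len(frame) < offset + 6:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlan, offset = tci & 0x0FFF, offset + 4
    ip = offset + 2
    if ethertype != 0x0800 or len(frame) < ip + 20 or frame[ip + 9] != 6:
        return None
    tcp = ip + (frame[ip] & 0x0F) * 4                 # IHL in 32-bit words
    if len(frame) < tcp + 20:
        return None
    end = ip + struct.unpack_from("!H", frame, ip + 2)[0]   # drops padding
    return vlan, frame[tcp + (frame[tcp + 12] >> 4) * 4:end]

def is_test_get(frame, host=b"purple.com"):
    """True when the frame carries an HTTP GET that mentions the test host."""
    parsed = tcp_payload(frame)
    return bool(parsed) and parsed[1].startswith(b"GET ") and host in parsed[1]

GET = b"GET / HTTP/1.1\r\nHost: %s\r\n\r\n"
SAMPLE_FRAMES = [                                     # constructed, not captured
    build_frame(GET % b"purple.com"),                 # untagged (native) copy
    build_frame(GET % b"purple.com", vlan=20),        # tagged copy
    build_frame(GET % b"example.net"),                # other web traffic
    bytes(12) + struct.pack("!H", 0x0806) + bytes(28),  # ARP, not IP
]

if __name__ == "__main__":
    hits = [i for i, f in enumerate(SAMPLE_FRAMES) if is_test_get(f)]
    print("frames carrying the test GET:", hits)
```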

3 Replies

Jose Solano
Level 4

Hi Paul,

In this case, I see that you are sending traffic from VLANs 1-252 to a Fast Ethernet port. Do you see any drops on that interface? I ask just because I would say that the amount of traffic is too much for a FastEthernet port, which may cause congestion and output drops. Therefore you might not see all traffic as desired.

Hope this helps.

John Blakley
VIP Alumni

Paul,

Can you post "sh run | i monitor"?

HTH,

John


Here is how I have my port configured at the moment:

---
interface FastEthernet7/2
switchport mode access
end
---
monitor session 4 source vlan 1 - 252
monitor session 4 filter packet-type good rx
monitor session 4 destination interface Fa7/2 ingress vlan 1
---
Session 4
---------
Type                   : Local Session
Source VLANs           :
    Both               : 1-252
Destination Ports      : Fa7/2
    Encapsulation      : Native
          Ingress      : Enabled, default VLAN = 1
         Learning : Disabled
Filter Pkt Type        :
    RX Only       : Good
---
