×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Switch Port Mirroring Problem

Unanswered Question
Feb 3rd, 2014
User Badges:

Hi,


Configured port mirroring in Cisco 6509E, but unable to see and capture trafffic of protocols like ssh, telnet, ftp, tftp and so on.


The setup is like this configured source on the port of 6509 switch connecting to asa and going outside( port gig2/24), destination at inside one port of the switch and using webscense app for capturing (port gig2/14).


This is the IOS we are using -- s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-VM), Version 12.2(33)SXH5.


The below are the confoiguration used.


1. monitor session 1 source int giga ethernet 2/24

2. monitor session 1 destination giga ethernet 2/14


Kindly help me resolving the problem.


Thanks & regards


Suresh Kumar Balakrishnan




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
John Blakley Mon, 02/03/2014 - 03:54
User Badges:
  • Purple, 4500 points or more

Using websense app for a destination? You're probably going to want to look at wccp..



HTH,
John

*** Please rate all useful posts ***

sureshkumaar13 Mon, 02/17/2014 - 03:12
User Badges:

Hi Mr. John,


You mean to say port mirroring will not work.


Also if wccp is the solution, kindly request sample configuration or link for that.


Thanks & Regards


Suresh Kumar

Jon Marshall Mon, 02/17/2014 - 05:46
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Suresh


It depends on what you are trying to do. If you are trying to redirect http traffic to a proxy server for example then WCCP is the way to go although i have never used it before.


If you simply want to see what traffic is leaving the gi2/24 port towards the ASA then port mirroring is the answer but you need to use a packet capturing tool to see the traffic.


So which do you actually want to do ?


Jon

sureshkumaar13 Tue, 02/18/2014 - 03:27
User Badges:

Hi Jhon,


I want to see the traffic ( using webscense) using port mirroring.


But in my case i am not able to see the traffic like telnet, ssh, ftp, tftp and others using the above two line commands which i mentioned above.


Is there any other specific configuration, kindly help me out.


Thanks & Regards


Suresh Kumar

Jon Marshall Tue, 02/18/2014 - 03:31
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Suresh


Not familiar with Websense but did a quick search and it seems like it supports tcpdump at the command line.


Is this what you are using ?


Jon

Actions

This Discussion

Related Content