I'm wanting to monitor incoming and outgoing traffic and am having some trouble.
Both the port needing to be monitored port(source) and the port w/ the sniffer on it(destination) are on the same vlan on a 2950-48. After reading up on SPAN and having done something similar on a 1900 and 2924 switch I configured SPAN with the following commands:
monitor session 1 source interface FastEthernet0/4
monitor session 1 destination interface FastEthernet0/7
Afterwards the sniffer on fa0/7 was down. Only after I read the below url
Did I find that destination SPAN ports can't forward normal traffic - so basically if you have a sniffer/traffic analizer on that port you loose the ability to communication w/ that device remotely.
Is it just me or is that totally unacceptable.........
On the trusty 2924 you'd just configure a monitor port like so..
port monitor FastEthernet0/4
then all traffic going in or out of fa0/4 would be forwarded to fa0/7 AND you'd be able to communicate with the device on fa0/7.
What happened that this isn't allowed anymore??? I need remote access to this traffic analizer while its doing its job. However I can't do that w/ my 2950-48 but I could do the job with the older 2924?
What gives??? This seems like a step backwards to me...