Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
336
Views
0
Helpful
4
Replies

port errors on 5509

mayberr
Level 1
Level 1

‎02-04-2004 11:05 AM - edited ‎03-02-2019 01:21 PM

Is there a way to switch a 5509 to store and forward mode, so when I span a port I can see the errors come in on a port? I have a remote sniffer attached to the switch to save me from going to the remote location. But I can't see the errors comming from the hub because the switch kills those packets. The counters on the port are nice but are not much help to identify who doing what. You can change the mode on a 3200 but I see no command to change it on a 5505. Thoughts/ideas anyone?

Labels:
0 Helpful
4 Replies 4

lebrasseur
Level 1
Level 1

‎02-04-2004 11:34 AM

you don't need to change mode in this case

first, make sure there are no other span session running

switch(enable)set span disable

switch(enable)set span inpkts enable

example : set span 3/1 3/2 inpkts enable

there are also other option you could use.

just type set span 3/1 3/2 ?

good luck !

0 Helpful

mayberr
Level 1
Level 1
In response to lebrasseur

‎02-04-2004 02:23 PM

Thanks for the info but I still see no errors on the sniffer. Though the counter on the switch sees them. Of course if the errors occur before the first 2 bytes of the destination mac, the sniffer wont see it. I'll keep

looking.

0 Helpful

jfolkers
Level 1
Level 1
In response to mayberr

‎02-04-2004 02:41 PM

You may need a Tap instead of a span port. lebrasseur is correct. A span port must be set up properly first, however span ports DO NOT see all traffic because the switch will drop packets that are too short or other types of errors.

You need to read this wonderfully written pdf on the subject of Taps Vs. Span: http://www.netoptics.com/products/pdf/taps-and-span-ports.pdf

Specifically, read the paragraph here from that pdf->

"...In contrast, a monitoring device connected to a SPAN port on a switch does not see all traffic. Corrupt network packets, or packets below minimum size, are usually dropped by the ingress ports on a switch; corrupt packets visible to the monitoring device are usually generated within the egress segment. In addition, switches eliminates layer 1 and select layer 2 errors. Without this information, it is impossible to properly troubleshoot common physical layer problems such as bad frames generated by a faulty NIC.

Additionally, the 5509 is a store-and-forward switch. Here's the doc that says that -> http://www.cisco.com/warp/public/cc/pd/si/casi/ca5000/prodlit/5509_ds.htm

0 Helpful

mayberr
Level 1
Level 1
In response to jfolkers

‎02-04-2004 07:41 PM

Thanks for the info. After I submited the question I thought "hey stupid, it is in store and forward. I need it to be in cut through. DUHHHHH. Normally I would just take the portable sniffer out and attach it to the hub. In this case somebody "hijacked the closet" and we have to search far and wide to get somebody to open the door. Well if it was easy anybody could do it. Thanks again for the info

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents