Traffic filtering

Unanswered Question
Feb 21st, 2006

I wonder if someone can please help.

A customer has two Layer 2 switches trunked to each other, and is asking what conversations are flowing between the two switches. There is a total of 10 VLANs on each switch. They need a permanent setup to check the data flow. We don't really want to leave a sniffer running on one of the switches, SPANning the trunk port. Is there another way we can see source/destination IPs, such as VACLs? One of the switches is a 4948.

leonvd79 Tue, 02/21/2006 - 03:44

Higher end switches support NetFlow accounting.

Sniffer software such as Ethereal has powerful capabilities and is able to filter packets based on protocol type, source/destination and TCP/UDP ports. If you don't want to capture ALL traffic, try to start by capturing the subnet attached to VLAN 1, and do the same for the consecutive VLANs.

arvindchari Tue, 02/21/2006 - 04:03

What would be the likely purpose of capturing all data / traffic originating from all ports? If it is something related to traffic shaping or predicting traffic flows over a period of time based on the models that are garnered, I think NBAR would suffice very nicely.

