Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

A Catalyst SPAN question

Hello,

I have a device which needs to listen to all traffic on a specific VLAN, but i also need this device to be able to communicate (at Layer 3) with some other computers in a different subnet.

I have a 4500 series and a 3560 series.

On the 4500 i used a command like this one :

monitor session 1 source vlan 15

monitor session 1 destination interface Gi5/3 ingress vlan 14 learning

and this works perfectly.

BUT

i need to do the same thing on the 3560 one but this Catalyst doesn't support the "learning" tag.

When i read the IOS documentation i can read that for a SPAN destination port :

"?When it is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.

?If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2."

My question is i am wondering if activating the ingress parameter on my destination port will work (in fact this is certainly an english understanding problem since i am french). Unfortunatly i can't make tests like i did with the 4500 L3 Switch, this is why i ask here to be sure of how this will work when i will have to set the 3560 thing up.

(hope to be understandable)

Thanks by advance for any help

2 REPLIES
Bronze

Re: A Catalyst SPAN question

Try this configuration in your 3560 (change the interface depends upon your device)

This shows how to set up SPAN session 1 for monitoring source port traffic to a destination port. First, any existing SPAN configuration for session 1 is deleted, and then bidirectional traffic is mirrored from source Gigabit Ethernet port 1 to destination Gigabit Ethernet port 2, retaining the encapsulation method.

Switch(config)# no monitor session 1

Switch(config)# monitor session 1 source interface gigabitethernet1/0/1

Switch(config)# monitor session 1 destination interface gigabitethernet1/0/2 encapsulation replicate

Switch(config)# end

This example shows how to remove port 1 as a SPAN source for SPAN session 1:

Switch(config)# no monitor session 1 source interface gigabitethernet1/0/1

Switch(config)# end

New Member

Re: A Catalyst SPAN question

Thanks anyway but this is not what i need :

I need to monitor a VLAN a physical Interface or whatever AND : still be able to act as a normal workstation which means, i need to be able to send and receive packets to the whole Network (instead of just receiving monitored trafic / packet)

98
Views
0
Helpful
2
Replies