Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Mirroring on 4500 Switch.

Hi,

I have one qeustion for you all.

Next config is my customer's switch configuration.

-----------------------------------------

ackbone_SW#sh monitor detail

Session 1

---------

Type : Local Session

Source Ports :

RX Only : None

TX Only : None

Both : None

Source VLANs :

RX Only : None

TX Only : None

Both : 20-22,30,40,50

Source RSPAN VLAN : None

Destination Ports : Gi5/19

Encapsulation : DOT1Q

Ingress : Disabled ----> what function is this ?

Learning : Disabled ----> what function is this ?

Filter VLANs : None

Filter Addr Type :

RX Only : None

TX Only : None

Both : None

Filter Pkt Type :

RX Only : None

Dest RSPAN VLAN : None

IP Access-group : None

--------------------------------------

I'm waiting your answer.

Thanks so much.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Mirroring on 4500 Switch.

It means that the traffic you monitor will include dot1q tags to tell you which VLAN they came from.

Beware: if your are using Ethereal or Wireshark, or other PC based monitor, the NIC will usually strip off the dot1q header before the traffic gets to the analyser. If you want to see the dot1q header, you usually have to hack the registry. I wrote about it in my blog:

http://dorreke.wordpress.com/2008/05/01/seeing-dot1q-tagged-traffic-in-ethereal/

Kevin Dorrell

Luxembourg

4 REPLIES

Re: Mirroring on 4500 Switch.

Port G5/19 is where you put your monitoring machine ... sniffer or whatever.

"Ingress disabled" means that if your monitoring machine generates any packets, they will not be propagated to the network. You might want to enable ingress, for example, when your monitoring machine is also your workstation, that should have access to your network.

Learning disabled means that if your monitoring machine generates any packets, their source address does not go into the MAC forwarding table of the switch. That is, packets to that address will continue to be unicast flooded.

Kevin Dorrell

Luxembourg

Community Member

Re: Mirroring on 4500 Switch.

Thanks so much your reply.

If you are ok, I have one more question.

In mirroring section, why I have to put dot1q ?

For vlans mirroring ? Is that right ?

Regards,

Re: Mirroring on 4500 Switch.

It means that the traffic you monitor will include dot1q tags to tell you which VLAN they came from.

Beware: if your are using Ethereal or Wireshark, or other PC based monitor, the NIC will usually strip off the dot1q header before the traffic gets to the analyser. If you want to see the dot1q header, you usually have to hack the registry. I wrote about it in my blog:

http://dorreke.wordpress.com/2008/05/01/seeing-dot1q-tagged-traffic-in-ethereal/

Kevin Dorrell

Luxembourg

Community Member

Re: Mirroring on 4500 Switch.

Thanks so much .

My questions was solved.

I'm so sorry but could you relpy about another my post on this board ?

It is about Mirroring of C6509.

Have a nice day.

120
Views
5
Helpful
4
Replies
CreatePlease to create content