Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4934
Views
0
Helpful
5
Replies

SPAN Configuration in Catalyst 3750

anylmjn111
Level 1
Level 1

‎01-01-2012 10:37 PM - edited ‎03-07-2019 04:07 AM

Hi,

I have CISCO catalyst with VLANs (VLAN ID 33, 36, 40-53) configured. I need to configure port mirroring in Switch 3750 for NAC (Network Access Control).  I need to Monitor all the VLANs. Here is the SPAN configuration of switch:

Interface fa 1/0/8

Description ******NAC-MONITOR-PORT******

Switchport trunk encapsulation dot1q

Switchport mode trunk

|

Interface fa 1/0/9

Description ******NAC-Response-PORT******

Switchport trunk encapsulation dot1q

Switchport mode trunk

Monitor session 1 source vlan 33 , 36 , 40 – 53

Monitor Session 1 destination interface fa 1/0/8  (here I am not able to set encapsulation dot1q ) because the error occurred saying %one or more dest port do not support the encapsulation%. please suggest why this error occured?

Labels:
0 Helpful
5 Replies 5

mfarrenkopf
Level 1
Level 1

‎01-01-2012 10:50 PM

It looks like you need to change the destination command to:

monitor session 1 destination interface fa1/0/8 encapsulation replicate

Otherwise, it tries to send the traffic untagged.  If you want everything that the interface is seeing, that won't work.

0 Helpful

anylmjn111
Level 1
Level 1
In response to mfarrenkopf

‎01-04-2012 03:39 AM

i Have changed the destination command as you have suggested:

monitor session 1 destination interface fa 1/0/8 encapsulation replicate

but still i am not able to see mirror traffic from VLAN 33, 36 , 40 -53 in NAC appliance. All the traffic is seen as untagged.

0 Helpful

mfarrenkopf
Level 1
Level 1
In response to anylmjn111

‎01-04-2012 12:21 PM

Have you tried hooking up a sniffer like Wireshark to capture a sample of the traffic you're seeing?  I'm wondering if the 3750 is passing the traffic tagged and the NAC is not set up correctly.

The other thought I had:  is one of those VLANs a native VLAN?  You don't show it in your config above; I wasn't sure if you abbreviated the configuration or if that's the entire config for those ports.  If you've got a native VLAN and if that native VLAN is carrying most of the traffic, you won't see tags for the majority of it.

0 Helpful

viswamin
Cisco Employee
Cisco Employee

‎01-02-2012 01:07 AM

I just happened to go through the link and it suggests different ways of implemention

http://www.colasoft.com/resources/span.pdf

Not sure although if it work.

-Vijay

0 Helpful

David Cho
Level 1
Level 1

‎02-27-2013 03:40 PM

Anyl,

was your original problem resolved?  If so, can you share the solution?

Thanks,

David

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card